Private and controlled access data

Data GUIDs may represent some controlled access data and offer no specific ACL schema. Can we help instruct clients on how to implement access control for data represented by a given GUID? If data is meant to be private, should it be kept in a separate namespace?

I think this information can potentially be included on a per URL basis in the records? We could simply have a secondary URL that leads to a landing page which describes how to access the data. This would be useful because you may have data in say a requestor pays bucket on GCP and open access on AWS in addition to things like ACLs.

We could facilitate a second record that states something about automatic negotiation means too? In Gen3 we actually split this responsibility so Indexd is only in charge of maintaining GUID -> URL mapping and Fence is responsible for understanding how to process the URLs in a way that it can allow access.