it's probably better to use capabilities (as in: having a secure handler to some resource means having some kind of access to it), instead of ACLs. As in Sandstorm (see https://docs.sandstorm.io/en/latest/using/security-practices...)

(note that URLs can't be a secure handler, since it's just a string that anyone can create. But a URL plus a cryptographic signature could be)