Summary

When a new user registers, JSS should auto-create a ready-to-use pod with a profile page, proper ACLs, and a public directory.

Proposed structure

username.example.com/
├── index.html          ← Profile with JSON-LD data island + losos shell
├── .acl                ← Owner full access, public read for root only
├── public/
│   └── .acl            ← Public read + owner write (default for children)

index.html template

The profile index.html should contain:

• A <script type="application/ld+json"> data island with the user's WebID profile (foaf:Person)
• The mashlib/losos shell for rendering (<div id="mashlib"> + mashlib-module script)

This gives each user a vanity WebID at the root: https://username.example.com/#me

ACL structure

• Root .acl: Owner full access + public read for accessTo (profile visible), but owner-only default (children private)
• public/.acl: Public read with default (everything in public/ is readable)

Benefits

• WebID at the root (https://user.example.com/#me) — clean vanity URL
• Profile renders immediately via embedded losos shell (no redirect)
• Private by default — only profile and /public/ are world-readable
• JSS serves JSON-LD via content negotiation (extracts from data island)
• New users see their profile page immediately after registration

Context

Currently pods are created with a Turtle profile card at /profile/card and no ACLs, requiring manual setup. This was prototyped on solid.social with the melvin pod.