diff --git a/assets/loama-extended.drawio.png b/assets/loama-extended.drawio.png
new file mode 100644
index 0000000..18f420c
Binary files /dev/null and b/assets/loama-extended.drawio.png differ
diff --git a/assets/loama-short.drawio.png b/assets/loama-short.drawio.png
new file mode 100644
index 0000000..f46f192
Binary files /dev/null and b/assets/loama-short.drawio.png differ
diff --git a/controller/src/classes/Controller.ts b/controller/src/classes/Controller.ts
index aa3aad1..b039e39 100644
--- a/controller/src/classes/Controller.ts
+++ b/controller/src/classes/Controller.ts
@@ -1,3 +1,4 @@
+import { getDefaultSession } from "@inrupt/solid-client-authn-browser";
 import { BaseSubject, Index, IndexItem, Permission, ResourcePermissions, Resources, SubjectPermissions } from "../types";
 import { IAccessRequest, IController, IInboxConstructor, IStore, IStoreConstructor, SubjectConfig, SubjectConfigs, SubjectKey, SubjectType } from "../types/modules";
 import { AccessRequest } from "./accessRequests/AccessRequest";
@@ -5,10 +6,10 @@ import { InruptAccessRequest } from "./accessRequests/InruptAccessRequest";
 import { Mutex } from "./utils/Mutex";
 
 export class Controller<T extends Record<keyof T, BaseSubject<keyof T & string>>> extends Mutex implements IController<T> {
-    private index: IStore<Index<T[keyof T & string]>>
-    private resources: IStore<Resources>
+    private index: IStore<Index<T[keyof T & string]>>;
+    private resources: IStore<Resources>;
     private accessRequest: AccessRequest;
-    private subjectConfigs: SubjectConfigs<T>
+    private subjectConfigs: SubjectConfigs<T>;
 
     // TODO : Find a better way of constructing the controller with all the different modules
     constructor(storeConstructor: IStoreConstructor, inboxConstructor: IInboxConstructor, subjects: SubjectConfigs<T>) {
@@ -28,65 +29,7 @@ export class Controller<T extends Record<keyof T, BaseSubject<keyof T & string>>
         return subjectConfig as SubjectConfig<T, T[K]>
     }
 
-    private async getExistingRemotePermissions<K extends SubjectKey<T>>(resourceUrl: string, subject: T[K]): Promise<Permission[]> {
-        const subjectConfig = this.getSubjectConfig(subject)
-        const subjects = await subjectConfig.manager.getRemotePermissions<K>(resourceUrl);
-        const subjectPermission = subjects.find(entry => subjectConfig.resolver.checkMatch(entry.subject, subject))
-
-        return [...subjectPermission?.permissions ?? []]
-    }
-
-
-    private async getExistingPermissions<K extends SubjectKey<T>>(resourceUrl: string, subject: T[K]): Promise<Permission[]> {
-        const item = await this.getItem(resourceUrl, subject);
-        if (item) {
-            // Makeing sure the array is not a reference to the one stored in the index
-            return [...item.permissions]
-        }
-        return this.getExistingRemotePermissions(resourceUrl, subject);
-    }
-
     private async updateItem<K extends SubjectKey<T>>(resourceUrl: string, subject: SubjectType<T, K>, permissions: Permission[], alwaysKeepItem = false) {
-        let item = await this.getItem(resourceUrl, subject);
-        const { manager } = this.getSubjectConfig(subject)
-
-        if (item) {
-            await manager.editPermissions(resourceUrl, item, subject, permissions);
-        } else {
-            await manager.createPermissions(resourceUrl, subject, permissions);
-
-            item = {
-                id: crypto.randomUUID(),
-                requestId: crypto.randomUUID(),
-                isEnabled: true,
-                permissions: permissions,
-                resource: resourceUrl,
-                subject: subject,
-            }
-
-            const index = await this.index.getCurrent();
-            index.items.push(item);
-        }
-
-        if (!alwaysKeepItem && permissions.length === 0 && manager.shouldDeleteOnAllRevoked()) {
-            const index = await this.index.getCurrent();
-            const idx = index.items.findIndex(i => i.id === item.id);
-            index.items.splice(idx, 1);
-        } else {
-            item.permissions = permissions;
-
-            // The SOLID server OR the SDK does not directly push the update to the acl files for some reason
-            // Here we give it some time to save/push the changes
-            await new Promise(res => setTimeout(res, 500));
-            // extra check what the ACL currently has stored as info. Will decrease the chance of the index going out of sync with the ACL file
-            const remotePermissions = await this.getExistingRemotePermissions(resourceUrl, subject);
-            if (remotePermissions !== permissions) {
-                console.debug("Permissions in index are out of sync with remote, updating index...", subject);
-                item.permissions = remotePermissions;
-            }
-        }
-
-        await this.index.saveToRemote();
     }
 
     AccessRequest(): IAccessRequest {
@@ -94,19 +37,13 @@ export class Controller<T extends Record<keyof T, BaseSubject<keyof T & string>>
     }
 
     async setPodUrl(podUrl: string) {
-        this.index.setPodUrl(podUrl);
-        this.resources.setPodUrl(podUrl);
-        await this.accessRequest.setPodUrl(podUrl)
     }
 
     unsetPodUrl() {
-        this.index.unsetPodUrl();
-        this.resources.unsetPodUrl();
-        this.accessRequest.unsetPodUrl();
     }
 
     async getOrCreateIndex() {
-        return this.index.getOrCreate();
+        return { id: "", items: [] }
     }
 
     getLabelForSubject<K extends SubjectKey<T>>(subject: T[K]): string {
@@ -114,26 +51,36 @@ export class Controller<T extends Record<keyof T, BaseSubject<keyof T & string>>
         return resolver.toLabel(subject);
     }
 
+    /**
+     * Assemble the information for a subject in a resource
+     * @returns 
+     */
     async getItem<K extends SubjectKey<T>>(resourceUrl: string, subject: SubjectType<T, K>): Promise<IndexItem<T[K]> | undefined> {
-        const { resolver } = this.getSubjectConfig<K>(subject);
-
-        const index = await this.index.getCurrent() as Index<T[K]>;
-        return resolver.getItem(index, resourceUrl, subject.selector)
+        const subjectConfig = this.getSubjectConfig(subject)
+        const subjects = await subjectConfig.manager.getRemotePermissions<K>(resourceUrl);
+        const subjectPermission = subjects.find(entry => subjectConfig.resolver.checkMatch(entry.subject, subject))
+        if (!subjectPermission) return undefined
+        return {
+            id: "string",
+            requestId: "string",
+            isEnabled: subjectPermission.isEnabled,
+            permissions: [...subjectPermission.permissions ?? []],
+            resource: resourceUrl,
+            subject: subject,
+        } as IndexItem<T[K]>
     }
 
     async addPermission<K extends SubjectKey<T>>(resourceUrl: string, addedPermission: Permission, subject: SubjectType<T, K>) {
         const release = await this.acquire();
         try {
-            let permissions = await this.getExistingPermissions(resourceUrl, subject);
 
-            if (permissions.indexOf(addedPermission) !== -1) {
-                console.error("Permission already granted")
-                return permissions;
-            }
+            // 1. Create a new permission for the subject
+            await this.getSubjectConfig(subject).manager.createPermissions(resourceUrl, subject, [addedPermission])
 
-            permissions.push(addedPermission)
+            // 2. Let the manager add the permission, return the updated version
+            const webId = getDefaultSession().info.webId!;
+            const permissions = await this.getSubjectConfig(subject).manager.getTargetPermissionsForUser(webId, subject.selector?.url ?? "", resourceUrl);
 
-            await this.updateItem(resourceUrl, subject, permissions)
             return permissions;
         } catch (e) {
             throw e;
@@ -143,187 +90,53 @@ export class Controller<T extends Record<keyof T, BaseSubject<keyof T & string>>
     }
 
     async removeSubject<K extends SubjectKey<T>>(resourceUrl: string, subject: SubjectType<T, K>) {
-        await this.updateItem(resourceUrl, subject, []);
-
         const subjectConfig = this.getSubjectConfig(subject);
-        const index = await this.index.getCurrent() as Index<T[K]>;
-
-        const item = subjectConfig.resolver.getItem(index, resourceUrl, subject.selector);
-        if (!item) return;
-
-        await subjectConfig.manager.deletePermissions(resourceUrl, subject);
-
-        const idx = index.items.findIndex(i => subjectConfig.resolver.checkMatch(i.subject, subject));
-        index.items.splice(idx, 1);
+        const item = await this.getItem(resourceUrl, subject);
 
-        await this.index.saveToRemote();
+        await subjectConfig.manager.deletePermissions(resourceUrl, subject, item?.permissions ?? []);
     }
 
     async removePermission<K extends SubjectKey<T>>(resourceUrl: string, removedPermission: Permission, subject: SubjectType<T, K>) {
-        const release = await this.acquire();
+        const release = await this.acquire()
         try {
-            let oldPermissions = await this.getExistingPermissions(resourceUrl, subject);
-            let newPermissions = oldPermissions.filter((p) => p !== removedPermission);
 
-            if (newPermissions.length === oldPermissions.length) {
-                console.error("Permission not found")
-                return oldPermissions;
-            }
+            // 1. Delete a permission for the subject
+            await this.getSubjectConfig(subject).manager.deletePermissions(resourceUrl, subject, [removedPermission]);
 
-            await this.updateItem(resourceUrl, subject, newPermissions)
-            return newPermissions;
-        } catch (e) {
-            throw e;
+            // 2. Let the manager delete the permission, return the updated version
+            const webId = getDefaultSession().info.webId!;
+            const permissions = await this.getSubjectConfig(subject).manager.getTargetPermissionsForUser(webId, subject.selector!.url, resourceUrl);
+
+            return permissions
+
+        } catch (error) {
+            return []
         } finally {
             release();
         }
     }
 
     async enablePermissions<K extends SubjectKey<T>>(resource: string, subject: SubjectType<T, K>) {
-        let item = await this.getItem(resource, subject);
-        if (!item) {
-            // This point should never be reached
-            throw new Error("Item not found to enable permissions from")
-        }
-
-        const { manager } = this.getSubjectConfig(subject)
-        await manager.createPermissions(resource, subject, item.permissions);
-
-        item.isEnabled = true;
-        await this.index.saveToRemote()
+        // won't fix
     }
 
     async disablePermissions<K extends SubjectKey<T>>(resourceUrl: string, subject: SubjectType<T, K>) {
-        let item = await this.getItem(resourceUrl, subject);
-        if (!item) {
-            throw new Error("Item not found to disable permissions from")
-        }
-
-        const { manager } = this.getSubjectConfig(subject)
-        await manager.editPermissions(resourceUrl, item, subject, []);
-
-        item.isEnabled = false;
-
-        await this.index.saveToRemote()
+        // won't fix
     }
 
     async getContainerPermissionList(containerUrl: string): Promise<ResourcePermissions<T[keyof T]>[]> {
-        const configs: SubjectConfig<T>[] = Object.values(this.subjectConfigs);
-
-        const index = await this.index.getCurrent();
-        const resourcesToSkip = index.items.filter(i => {
-            if (!i.resource.includes(containerUrl)) {
-                return false;
-            }
-            const strippedURI = i.resource.replace(containerUrl, "");
-            const slashIdx = strippedURI.indexOf("/");
-            if (slashIdx < 0) {
-                return true;
-            }
-            return !strippedURI.includes("/", slashIdx + 1)
-        });
-
-        const results = await Promise.allSettled(configs.map(c => c.manager.getContainerPermissionList(containerUrl, resourcesToSkip.map(i => i.resource))))
-        const resourcesToClean = resourcesToSkip.filter(r => r.isEnabled).map(r => r.resource);
-
-        if (results.length !== 0) {
-            index.items.push(...results.reduce<IndexItem<T[SubjectKey<T>]>[]>((arr, v) => {
-                if (v.status === "fulfilled") {
-                    // Check if the resourceUrl is already present before pushing it into the array
-                    v.value.forEach((r) => {
-                        for (let i = 0; i < resourcesToClean.length; i++) {
-                            const rtc = resourcesToClean[i];
-                            if (r.resourceUrl.includes(rtc)) {
-                                resourcesToClean.splice(i, 1);
-                                i--;
-                            }
-                        }
-                        // @ts-expect-error
-                        arr.push(...r.permissionsPerSubject.map(p => ({
-                            id: crypto.randomUUID(),
-                            requestId: crypto.randomUUID(),
-                            isEnabled: true,
-                            permissions: p.permissions,
-                            resource: r.resourceUrl,
-                            subject: p.subject
-                        })))
-                    })
-                }
-                return arr;
-            }, []));
-        }
-
-        await Promise.allSettled(resourcesToClean.map(async r => {
-            for (let i = 0; i < index.items.length; i++) {
-                let entry = index.items[i];
-                if (!entry.resource.includes(r)) {
-                    continue
-                }
-                index.items.splice(i, 1);
-            }
-        }));
-
-        await this.index.saveToRemote();
-
-        return await index.items.reduce<Promise<ResourcePermissions<T[keyof T]>[]>>(async (arr, v) => {
-            const resourcePath = v.resource.replace(containerUrl, "");
-            const amountOfSlashes = resourcePath.replace(/[^\/]/g, "").length;
-            if ((amountOfSlashes == 1 && !resourcePath.endsWith("/")) || resourcePath.startsWith("/") || amountOfSlashes > 1) {
-                return arr;
-            }
-            let indexItems = await arr;
-            let existingInfo = indexItems.find((info) => info.resourceUrl === v.resource);
-            if (existingInfo) {
-                existingInfo.permissionsPerSubject.push({
-                    permissions: v.permissions,
-                    subject: v.subject,
-                    isEnabled: v.isEnabled,
-                })
-            } else {
-                indexItems.push({
-                    resourceUrl: v.resource,
-                    canRequestAccess: await this.accessRequest.canRequestAccessToResource(v.resource),
-                    permissionsPerSubject: [{
-                        permissions: v.permissions,
-                        subject: v.subject,
-                        isEnabled: v.isEnabled,
-                    }]
-                })
-            }
-            return indexItems;
-        }, Promise.resolve([]));
+        return this.getSubjectConfig({ type: "public" } as T[SubjectKey<T>]).manager.getContainerPermissionList(containerUrl);
     }
 
     // NOTE: Do we want to force this to only use the index stored in the store?
-    async getResourcePermissionList(resourceUrl: string) {
-        // Need to put it in a variable because the type declaration vanishes
-        const configs: SubjectConfig<T>[] = Object.values(this.subjectConfigs);
-        const index = await this.index.getCurrent();
-        const results = await Promise.allSettled(configs.map(c => c.manager.getRemotePermissions<keyof T & string>(resourceUrl)))
-
-        let permissionsPerSubject = index.items.filter(i => i.resource === resourceUrl)
+    async getResourcePermissionList(resourceUrl: string): Promise<ResourcePermissions<T[keyof T]>> {
+        const result = await this.getSubjectConfig({ type: "public" } as T[SubjectKey<T>]).manager.getRemotePermissions(resourceUrl);
 
         return {
             resourceUrl,
-            canRequestAccess: await this.accessRequest.canRequestAccessToResource(resourceUrl),
-            permissionsPerSubject: results.reduce<SubjectPermissions<T[keyof T & string]>[]>((arr, v) => {
-                if (v.status === "fulfilled") {
-                    v.value.forEach(remotePps => {
-                        const { resolver } = this.getSubjectConfig(remotePps.subject);
-                        const indexItem = arr.find(pps => resolver.checkMatch(remotePps.subject, pps.subject));
-
-                        if (indexItem) {
-                            if (indexItem.isEnabled) {
-                                indexItem.permissions = remotePps.permissions;
-                            }
-                        } else {
-                            arr.push(remotePps)
-                        }
-                    })
-                }
-                return arr;
-            }, permissionsPerSubject)
-        }
+            canRequestAccess: true, // TODO
+            permissionsPerSubject: result
+        };
     }
 
     isSubjectSupported<K extends string, B extends BaseSubject<K>>(subject: BaseSubject<K>): IController<Record<K, B>> {
diff --git a/controller/src/classes/permissionManager/inrupt/GroupManager.ts b/controller/src/classes/permissionManager/inrupt/GroupManager.ts
index 8ad2dea..c3b2e6b 100644
--- a/controller/src/classes/permissionManager/inrupt/GroupManager.ts
+++ b/controller/src/classes/permissionManager/inrupt/GroupManager.ts
@@ -58,4 +58,6 @@ export class GroupManager<T extends Record<keyof T, BaseSubject<keyof T & string
             isEnabled: true,
         }))
     }
+
+    type = 'groupManager'
 }
diff --git a/controller/src/classes/permissionManager/inrupt/InruptPermissionManager.ts b/controller/src/classes/permissionManager/inrupt/InruptPermissionManager.ts
index c91d194..a11ef25 100644
--- a/controller/src/classes/permissionManager/inrupt/InruptPermissionManager.ts
+++ b/controller/src/classes/permissionManager/inrupt/InruptPermissionManager.ts
@@ -1,7 +1,11 @@
 import { Access, AccessModes, getSolidDataset, getThingAll } from "@inrupt/solid-client";
 import { SubjectPermissions, BaseSubject, IndexItem, Permission, ResourcePermissions } from "../../../types";
-import { SubjectKey } from "../../../types/modules";
+import { SubjectKey, TargetSubjects } from "../../../types/modules";
 import { getDefaultSession } from "@inrupt/solid-client-authn-browser";
+import { ODRL } from "../../../classes/utils/PolicyParser";
+import { PolicyInterpreter } from "../../../classes/utils/PolicyInterpreter";
+import { PolicyService } from "../../../classes/utils/PolicyService";
+import { Store } from 'n3';
 
 const ACCESS_MODES_TO_PERMISSION_MAPPING: Record<keyof (AccessModes & Access), Permission> = {
     read: Permission.Read,
@@ -12,7 +16,6 @@ const ACCESS_MODES_TO_PERMISSION_MAPPING: Record<keyof (AccessModes & Access), P
     controlWrite: Permission.Control,
 }
 
-
 /**
  * A permission manager implementation using the inrupt sdk to actually update the ACL
  * The "Inrupt" prefix is to indicate the usage of the inrupt sdk
@@ -75,38 +78,107 @@ export abstract class InruptPermissionManager<T extends Record<keyof T, BaseSubj
         return accessModes;
     }
 
-    abstract getRemotePermissions<K extends SubjectKey<T>>(resourceUrl: string): Promise<SubjectPermissions<T[K]>[]>
+    /**
+     * Function to specifically get the permission list for an assignee on a certain target
+     * 
+     * TODO: split in subject
+     */
+    public async getTargetPermissionsForUser(assignerId: string, assigneeId: string, targetId: string): Promise<Permission[]> {
+        const store: Store = await new PolicyService().fetchPolicies(assignerId);
+        const target: TargetSubjects = new PolicyInterpreter().permissionsForOneResource(targetId, store);
+
+        // If there are no private permissions, or no private permissions for the assignee, return the public ones (or nothing if they don't exist)
+        if (!target.private || !target.private.get(assigneeId)) return Array.from(target.public?.permissions! ?? [])
+
+        return Array.from(target.private.get(assigneeId)?.permissions!) ?? []
+    }
 
-    async getContainerPermissionList(containerUrl: string, resourceToSkip: string[] = []) {
+
+    public async getRemotePermissions<K extends SubjectKey<T>>(resourceUrl: string): Promise<SubjectPermissions<T[K]>[]> {
+        // Extract our webID
         const session = getDefaultSession();
-        // this request is cached, so it doesn't matter if it's emitted multiple times in a short span
-        const dataset = await getSolidDataset(containerUrl, { fetch: session.fetch });
-        const results = await Promise.allSettled(
-            getThingAll(dataset)
-                .map(async (resource) => {
-                    if (resourceToSkip.includes(resource.url)) {
-                        return {
-                            resourceUrl: resource.url,
-                            // We can set this to false as this is the default & getting doubled checked in the controller
-                            canRequestAccess: false,
-                            permissionsPerSubject: [],
-                        }
-                    }
-                    return {
-                        resourceUrl: resource.url,
-                        // We can set this to false as this is the default & getting doubled checked in the controller
-                        canRequestAccess: false,
-                        permissionsPerSubject: await this.getRemotePermissions(resource.url)
-                    }
+        const webId = session.info.webId;
+
+        // We must be logged on
+        if (!webId) {
+            throw new Error("User not logged in");
+        }
+
+        // Retrieve our policies
+        const store = await new PolicyService().fetchPolicies(webId);
+
+        // Get detailed info about the target
+        const interpreter = new PolicyInterpreter();
+        const target: TargetSubjects = interpreter.permissionsForOneResource(resourceUrl, store);
+
+
+        if (target) {
+            const subjectPermissions: SubjectPermissions<T[K]>[] = [];
+            // Add the owner information
+            subjectPermissions.push({
+                subject: {
+                    type: "webId",
+                    selector: { url: target.assigner }
+                } as unknown as T[K],
+                permissions: [Permission.Append, Permission.Control, Permission.Create, Permission.Read, Permission.Write],
+                isEnabled: true,
+                targetId: target.targetUrl
+            })
+
+            // Add the public information
+            if (target.public && target.public.permissions.size > 0) subjectPermissions.push({
+                subject: {
+                    type: "public",
+                } as unknown as T[K],
+                permissions: Array.from(target.public.permissions),
+                isEnabled: true, // Not yet implemented, there is no odrl equivalent?
+                targetId: target.targetUrl
+            })
+
+            // Add the private subjects
+            if (target.private) target.private.forEach(subject => {
+                if (subject.permissions.size > 0) subjectPermissions.push({
+                    subject: {
+                        type: "webId",
+                        selector: { url: subject.subject }
+                    } as unknown as T[K],
+                    permissions: Array.from(subject.permissions),
+                    isEnabled: true, // Not yet implemented, there is no odrl equivalent?
+                    targetId: target.targetUrl
                 })
-        )
-        return results.reduce<ResourcePermissions<T[keyof T]>[]>((arr, v) => {
-            if (v.status == "fulfilled") {
-                arr.push(v.value);
-            }
-            return arr;
-        }, [])
+            })
+            return subjectPermissions;
+        }
+
+        return [];
+    }
+
+
+    async getContainerPermissionList(containerUrl: string, resourceToSkip: string[] = []): Promise<ResourcePermissions<T[keyof T]>[]> {
+        // Extract our webID
+        const session = getDefaultSession();
+        const webId = session.info.webId;
+
+        // We must be logged on
+        if (!webId) {
+            throw new Error("User not logged in");
+        }
+
+        const store = await new PolicyService().fetchPolicies(webId);
+
+        // Collect target urls
+        const targetUrls = Array.from(new Set(store.getQuads(null, ODRL('target'), null, null).map(q => q.object.id)));
+        const resourcePermissions: ResourcePermissions<T[keyof T]>[] = []
+        for (const targetUrl of targetUrls) {
+            const perms = await this.getRemotePermissions(targetUrl);
+            resourcePermissions.push({
+                resourceUrl: targetUrl,
+                canRequestAccess: true, // TODO: based on proper access logic
+                permissionsPerSubject: perms
+            })
+        }
 
+        return resourcePermissions;
     }
 
     shouldDeleteOnAllRevoked() { return true }
diff --git a/controller/src/classes/permissionManager/inrupt/PublicManager.ts b/controller/src/classes/permissionManager/inrupt/PublicManager.ts
index cd8e6b4..b389fa3 100644
--- a/controller/src/classes/permissionManager/inrupt/PublicManager.ts
+++ b/controller/src/classes/permissionManager/inrupt/PublicManager.ts
@@ -1,49 +1,25 @@
-import { AccessModes, getSolidDataset, getThingAll } from "@inrupt/solid-client";
-import { BaseSubject, IndexItem, Permission, ResourcePermissions } from "../../../types";
+import { PolicyService } from "../../../classes/utils/PolicyService";
+import { BaseSubject, IndexItem, Permission } from "../../../types";
 import { IPermissionManager, SubjectKey } from "../../../types/modules";
 import { InruptPermissionManager } from "./InruptPermissionManager";
-import { getDefaultSession } from "@inrupt/solid-client-authn-browser";
-import { getPublicAccess, setPublicAccess } from "@inrupt/solid-client/universal";
-import { cacheBustedSessionFetch } from "../../../util";
 
 export class PublicManager<T extends Record<keyof T, BaseSubject<keyof T & string>>> extends InruptPermissionManager<T> implements IPermissionManager<T> {
 
-    private async updateACL<K extends SubjectKey<T>>(resource: string, subject: T[K], accessModes: Partial<AccessModes>) {
-        const session = getDefaultSession();
-        await setPublicAccess(resource, accessModes, {
-            fetch: session.fetch
-        })
-    }
-
     //. NOTE: Currently, it doesn't do any recursive permission setting on containers
     async createPermissions<K extends SubjectKey<T>>(resource: string, subject: T[K], permissions: Permission[]): Promise<void> {
-        const accessModes = this.permissionsToAccessModes(permissions, []);
-        await this.updateACL(resource, subject, accessModes)
+        await new PolicyService().insertActionRule(resource, permissions)
     }
 
-    async deletePermissions<K extends SubjectKey<T>>(resource: string, subject: T[K]) {
-        await this.updateACL(resource, subject, {});
+    async deletePermissions<K extends SubjectKey<T>>(resource: string, subject: T[K], permissions: Permission[]) {
+        await new PolicyService().deleteActionRule(resource, permissions)
+
     }
 
     async editPermissions<K extends SubjectKey<T>>(resource: string, item: IndexItem, subject: T[K], permissions: Permission[]) {
-        const accessModes = this.editPermissionsToAccessModes(item, permissions);
-        await this.updateACL(resource, subject, accessModes)
+        // not needed
     }
 
-    async getRemotePermissions<K extends SubjectKey<T>>(resourceUrl: string) {
-        const session = getDefaultSession();
-        const publicAccess = await getPublicAccess(resourceUrl, { fetch: cacheBustedSessionFetch(session) })
-
-        if (!publicAccess) {
-            return [];
-        }
-
-        return [{
-            subject: {
-                type: "public",
-            } as T[K],
-            permissions: this.AccessModesToPermissions(publicAccess),
-            isEnabled: true,
-        }]
-    }
+    type = 'public'
+
+
 }
diff --git a/controller/src/classes/permissionManager/inrupt/WebIdManager.ts b/controller/src/classes/permissionManager/inrupt/WebIdManager.ts
index 2c275ec..5a0a0bc 100644
--- a/controller/src/classes/permissionManager/inrupt/WebIdManager.ts
+++ b/controller/src/classes/permissionManager/inrupt/WebIdManager.ts
@@ -1,52 +1,22 @@
-import { getDefaultSession } from "@inrupt/solid-client-authn-browser";
 import { BaseSubject, IndexItem, Permission } from "../../../types";
 import { IPermissionManager, SubjectKey } from "../../../types/modules";
 import { InruptPermissionManager } from "./InruptPermissionManager";
-import { getAgentAccessAll, setAgentAccess } from "@inrupt/solid-client/universal";
-import { AccessModes, } from "@inrupt/solid-client";
-import { cacheBustedSessionFetch } from "../../../util";
+import { PolicyService } from "../../utils/PolicyService";
 
 export class WebIdManager<T extends Record<keyof T, BaseSubject<keyof T & string>>> extends InruptPermissionManager<T> implements IPermissionManager<T> {
-    private async updateACL<K extends SubjectKey<T>>(resource: string, subject: T[K], accessModes: Partial<AccessModes>) {
-        const session = getDefaultSession();
-        if (!subject.selector?.url) {
-            throw new Error("Missing url selector on WebID subject")
-        }
-        await setAgentAccess(resource, subject.selector.url, accessModes, {
-            fetch: session.fetch
-        })
-    }
-    //. NOTE: Currently, it doesn't do any recursive permission setting on containers
+
+    // Create an action for this resource and this subject with the given permissions
     async createPermissions<K extends SubjectKey<T>>(resource: string, subject: T[K], permissions: Permission[]): Promise<void> {
-        const accessModes = this.permissionsToAccessModes(permissions, []);
-        await this.updateACL(resource, subject, accessModes)
+        await new PolicyService().insertActionRule(resource, permissions, subject.selector!.url);
     }
 
-    async deletePermissions<K extends SubjectKey<T>>(resource: string, subject: T[K]) {
-        await this.updateACL(resource, subject, {});
+    async deletePermissions<K extends SubjectKey<T>>(resource: string, subject: T[K], permissions: Permission[]) {
+        await new PolicyService().deleteActionRule(resource, permissions, subject.selector!.url)
     }
 
     async editPermissions<K extends SubjectKey<T>>(resource: string, item: IndexItem, subject: T[K], permissions: Permission[]) {
-        const accessModes = this.editPermissionsToAccessModes(item, permissions);
-        await this.updateACL(resource, subject, accessModes)
+        // not needed
     }
 
-    async getRemotePermissions<K extends SubjectKey<T>>(resourceUrl: string) {
-        const session = getDefaultSession();
-        const agentAccess = await getAgentAccessAll(resourceUrl, { fetch: cacheBustedSessionFetch(session) });
-
-        if (!agentAccess) {
-            return [];
-        }
-
-        return Object.entries(agentAccess).map(([url, access]) => ({
-            // @ts-expect-error selector is required for webId
-            subject: {
-                type: "webId",
-                selector: { url },
-            } as T[K],
-            permissions: this.AccessModesToPermissions(access),
-            isEnabled: true,
-        }))
-    }
+    type = "webId"
 }
diff --git a/controller/src/classes/utils/PolicyInterpreter.ts b/controller/src/classes/utils/PolicyInterpreter.ts
new file mode 100644
index 0000000..4cee135
--- /dev/null
+++ b/controller/src/classes/utils/PolicyInterpreter.ts
@@ -0,0 +1,159 @@
+import { Permission } from "../../types/";
+import { IPolicy, ISpecificTargetInfo, TargetSubjects } from "../../types/modules";
+import { DataFactory, Parser, Store } from "n3";
+import { ODRL } from "./PolicyParser";
+
+const { namedNode } = DataFactory;
+
+export class PolicyInterpreter {
+    private fromODRL = (odrlString: string) => odrlString.split('/')[6];
+    private defaultTarget = (uri: string, subject: string = ""): ISpecificTargetInfo => ({ uri: uri, permissions: new Set(), subject: subject, public: subject === "" })
+
+    /**
+    * Extract the quads of one subject, and recursively add whatever their object is referring to
+    * @param store store to extract subject from
+    * @param subjectIRI 
+    * @param existing IDs that have already been added to the store
+    * @returns detailed store of the original subject and all of their children
+    */
+    private extractQuadsRecursive(store: Store, subjectIRI: string, existing: Set<string> = new Set([subjectIRI])): Store {
+        // Add the direct quads to the store
+        const result = new Store();
+        const subjectQuads = store.getQuads(subjectIRI, null, null, null);
+        result.addQuads(subjectQuads);
+
+        // If objects are not already added, add their quads and their children
+        for (const quad of subjectQuads) {
+            if (!existing.has(quad.object.id)) {
+                existing.add(quad.object.id);
+                result.addQuads(this.extractQuadsRecursive(store, quad.object.id, existing).getQuads(null, null, null, null));
+            }
+        }
+        return result;
+    }
+
+    /**
+     * Function that returns the stored Target objects without sanitization
+     * This function assumes all policies are correct, and only contains information for the logged on client
+     * 
+     * Currently, it does not check the rule type (permission, prohibition, duty) and it only takes permission into account
+     * @param store the owned policies in a store
+     * @returns the target -> subjects -> permissions relation for all owned targets
+     */
+    public ownedPoliciesToObject = (store: Store, specifiedTarget: string = ""): TargetSubjects[] => {
+
+        // 1. Get every <rule> odrl:target <target> . quad, or only the rules targetting the specified target
+        // Note that multiple rules can refer to the same target, and one rule can refer to multiple targets
+        const relevantRuleSet: Set<string> = new Set((specifiedTarget === ""
+            ? store.getQuads(null, ODRL('target'), null, null)
+            : store.getQuads(null, ODRL('target'), namedNode(specifiedTarget), null))
+            .map(quad => quad.subject.id));
+
+        // 2. Add permission information for every target we find
+        // Every target ID corresponds with the subjects that each have some permissions etc.
+        const idToTarget: Map<string, TargetSubjects> = new Map<string, TargetSubjects>();
+        for (const ruleId of relevantRuleSet) {
+
+            // Get the policy information
+            // Since a valid policy only has unique ID's, we can just search for '<policy> <relation> <rule> .' quads on the entire store
+            const policyIDs: Set<string> = new Set();
+            for (const relation of ['permission'/*, 'prohibition', 'duty'*/].map(x => ODRL(x)))
+                store.getQuads(null, relation, namedNode(ruleId), null).forEach(res => policyIDs.add(res.subject.id));
+            if (policyIDs.size !== 1)
+                console.warn("Corrupted Policy");
+            const policyId = [...policyIDs][0];
+
+            // 2.1 Get the every quad defined by the rule (and their children recursively)
+            const ruleStore = this.extractQuadsRecursive(store, ruleId);
+
+            // 2.2 List all relevant actions for this rule
+            const permissions = [];
+            for (const quad of ruleStore.getQuads(null, ODRL('action'), null, null)) {
+                // TODO: find a way to categorize all actions as one of the Permission types 
+                const action = this.fromODRL(quad.object.id).toLowerCase();
+
+                switch (action) {
+                    case "read":
+                        permissions.push(Permission.Read);
+                        break;
+
+                    case "write":
+                        permissions.push(Permission.Write);
+                        break;
+
+                    case "append":
+                        permissions.push(Permission.Append);
+                        break;
+
+                    case "control":
+                        permissions.push(Permission.Control);
+                        break;
+
+                    case "create":
+                        permissions.push(Permission.Create);
+                        break;
+
+                    default:
+                        console.warn(`Unrecognized ODRL action: ${action}`);
+                }
+
+            }
+
+            // Get assigner ID
+            const assigner = ruleStore.getQuads(null, ODRL('assigner'), null, null)[0].object.id;
+            if (!assigner) throw new Error("Corrupted Policy");
+
+            // Get assignee IDs
+            const subjects: string[] = ruleStore.getQuads(null, ODRL('assignee'), null, null).map(quad => quad.object.id);
+
+            for (const target of ruleStore.getQuads(namedNode(ruleId), ODRL('target'), null, null).map(quad => quad.object.id)) {
+                // 2.3 Set the target's assigner if not already done
+                if (!idToTarget.has(target)) idToTarget.set(target, { assigner: assigner, targetUrl: target, policies: new Set(), rules: new Set() });
+                idToTarget.get(target)!.policies.add(policyId);
+                idToTarget.get(target)!.rules.add(ruleId);
+
+                // 2.4 Add the private assignee information for every target in the rule
+                for (const subject of subjects) {
+                    // If target does not have subjects yet, set a default object
+                    if (!idToTarget.get(target)!.private)
+                        idToTarget.get(target)!.private = new Map<string, ISpecificTargetInfo>();
+
+                    // If subject is new to the target, set its permissions to a new set
+                    if (!idToTarget.get(target)!.private!.has(subject))
+                        idToTarget.get(target)!.private!.set(subject, { uri: target, subject: subject, public: false, permissions: new Set() });
+
+                    // Add the permissions of this rule to the subject
+                    const targetObject: ISpecificTargetInfo = idToTarget.get(target)!.private!.get(subject)!;
+                    permissions.forEach(p => targetObject.permissions.add(p));
+                }
+
+                if (subjects.length === 0) {
+                    // If there is no public permission set, add one
+                    if (!idToTarget.get(target)!.public)
+                        idToTarget.get(target)!.public = { uri: target, public: true, subject: "", permissions: new Set() };
+
+                    // Add the permissions to the set
+                    const publicPermissions: Set<Permission> = idToTarget.get(target)!.public!.permissions;
+                    permissions.forEach(p => publicPermissions.add(p));
+                }
+            }
+        }
+
+        // Return the list of target info objects
+        return Array.from(idToTarget.values());
+    }
+
+    // Return the subject -> permissions relation for a target
+    public permissionsForOneResource(resourceUrl: string, store: Store): TargetSubjects {
+        const targets = this.ownedPoliciesToObject(store, resourceUrl);
+
+        // Only return the target we need
+        const target = targets.filter(t => t.targetUrl === resourceUrl);
+
+        if (target.length > 1) console.warn("Something went wrong while getting the permissions for", resourceUrl);
+        // Handle empty subjects
+
+        return target[0];
+    }
+
+}
\ No newline at end of file
diff --git a/controller/src/classes/utils/PolicyParser.ts b/controller/src/classes/utils/PolicyParser.ts
new file mode 100644
index 0000000..7910594
--- /dev/null
+++ b/controller/src/classes/utils/PolicyParser.ts
@@ -0,0 +1,17 @@
+import { DataFactory, Parser, Store } from "n3";
+
+const { namedNode } = DataFactory
+
+export const ODRL = (something: string) => namedNode(`http://www.w3.org/ns/odrl/2/${something}`);
+
+
+export class PolicyParser {
+
+    public constructor() { }
+
+    public parseText = (text: string): Store => {
+        const parser = new Parser({ format: 'text/turtle' });
+        const quads = parser.parse(text);
+        return new Store(quads);
+    }
+}
\ No newline at end of file
diff --git a/controller/src/classes/utils/PolicyService.ts b/controller/src/classes/utils/PolicyService.ts
new file mode 100644
index 0000000..bec43de
--- /dev/null
+++ b/controller/src/classes/utils/PolicyService.ts
@@ -0,0 +1,238 @@
+import { getDefaultSession } from "@inrupt/solid-client-authn-browser";
+import { Permission } from "../../types";
+import { ODRL, PolicyParser } from "./PolicyParser";
+import { DataFactory, Writer } from "n3"
+const { namedNode } = DataFactory
+export const UMA_URL = (encodedId: string = "") => `http://localhost:4000/uma/policies${encodedId}`
+
+export class PolicyService {
+    constructor() { }
+
+    private getRandomString(length: number): string {
+        const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+        let result = '';
+        for (let i = 0; i < length; i++) {
+            const randIndex = Math.floor(Math.random() * chars.length);
+            result += chars[randIndex];
+        }
+        return result;
+    }
+
+    public async fetchPolicies(webId: string) {
+
+        // Get all our policies
+        const response = await fetch(UMA_URL(), {
+            headers: {
+                "Authorization": webId,
+                "Accept": "text/turtle"
+            }
+        });
+
+        // Extract the target Ids
+        const turtleText = await response.text();
+
+        // Use parser to extract an N3 Store
+        const parser = new PolicyParser();
+        return parser.parseText(turtleText);
+    }
+
+    public async fetchOnePolicy(webId: string, policyId: string) {
+        // Get all our policies
+        const response = await fetch(UMA_URL(`/${encodeURIComponent(policyId)}`), {
+            headers: {
+                "Authorization": webId,
+                "Accept": "text/turtle"
+            }
+        });
+
+        const turtleText = await response.text();
+
+        // Use parser to extract an N3 Store
+        const parser = new PolicyParser();
+        return parser.parseText(turtleText);
+    }
+
+    public async postPolicy(webId: string, body: string) {
+        await fetch(UMA_URL(), {
+            method: 'POST',
+            headers: {
+                'Authorization': webId,
+                'Content-type': 'text/turtle'
+                // 'Content-type': 'application/sparql-update'
+            },
+            body: body
+        })
+    }
+
+    public async patchPolicy(webId: string, policyId: string, body: string) {
+        await fetch(UMA_URL(`/${encodeURIComponent(policyId)}`), {
+            method: 'PATCH',
+            headers: {
+                'Authorization': webId,
+                'Content-type': 'application/sparql-update'
+            },
+            body: body
+        })
+    }
+
+
+    /**
+     * Function to insert an action rule for each permission in the provided array. They will be inserted in a new policy, via POST and not PATCH.
+     */
+    public async insertActionRule(targetId: string, actions: Permission[], assignee: string = ""): Promise<void> {
+        const webId = getDefaultSession().info.webId!
+
+        // Find out if this target already has a policy
+        const store = (await this.fetchPolicies(webId));
+        const ruleIds = store.getQuads(null, ODRL('target'), namedNode(targetId), null).map(quad => quad.subject);
+        const policyIds = new Set<string>();
+        ruleIds.forEach(ruleId =>
+            // We also only take permission into account (for now)
+            store.getQuads(null, ODRL('permission'), ruleId, null).forEach(quad =>
+                // Add each policyId
+                policyIds.add(quad.subject.id)
+            )
+        )
+
+        // Our policyId is either one from the set or a random generator if there are none, this is not verified to be unique, but 20^62 possibilities should work for now
+        // Since we found this target, it implicitly means that there must exist a policy and thus we will never create a random one...
+        const policyId: string = policyIds.size > 0
+            ? [...policyIds][0]
+            : `http://example.org/policy${this.getRandomString(20)}`;
+
+
+        for (const action of actions) {
+            // We need a proper way to create new rules, probably better server side? 
+            const ruleId = `http://example.org/rule${this.getRandomString(20)}`;
+
+            // Define the new triples in the rule
+            const actionTriple = `odrl:action odrl:${action.toLowerCase()} ;`;
+            const assigneeTriple = assignee
+                ? `odrl:assignee <${assignee}> ;`
+                : "";
+
+            // The response contains the full and updated version of the policy, which we cannot return in this interface
+            // If there already exists a policy for this target, patch this rule into it. Otherwise, just post a new one
+            const response = policyIds.size > 0
+                ? this.patchPolicy(webId, policyId, `PREFIX odrl: <http://www.w3.org/ns/odrl/2/>
+INSERT {
+    <${policyId}> odrl:permission <${ruleId}> .
+    <${ruleId}> a odrl:Permission ;
+        odrl:target <${targetId}> ;
+        ${actionTriple}
+        ${assigneeTriple}
+        odrl:assigner <${webId}> .
+}
+WHERE {}`)
+                : this.postPolicy(webId, `@prefix odrl: <http://www.w3.org/ns/odrl/2/> .
+
+<${policyId}> a odrl:Agreement ;
+    odrl:permission <${ruleId}> .
+
+<${ruleId}> a odrl:Permission ;
+    odrl:target <${targetId}> ;
+    ${actionTriple}
+    ${assigneeTriple}
+    odrl:assigner <${webId}> .
+`)
+        }
+    }
+
+    /**
+     * Funcion that searches every owned rule by the logged on client, finds the target 
+     * of an assigner and deletes the actions on it
+     */
+    public async deleteActionRule(targetId: string, actions: Permission[], assignee: string = ""): Promise<void> {
+        const session = getDefaultSession();
+        const webId = session.info.webId!;
+
+        // 1: Fetch the policy contents
+        const response = await fetch(UMA_URL(), {
+            headers: {
+                Authorization: webId,
+                Accept: "text/turtle"
+            }
+        });
+
+        if (!response.ok) {
+            throw new Error(`Failed to fetch policy: ${response.status}`);
+        }
+
+        const turtleText = await response.text();
+
+        // 2: Parse into store
+        const parser = new PolicyParser();
+        const store = parser.parseText(turtleText);
+
+        // 3: Find all rules with our target
+        const targetRules = store.getQuads(null, ODRL("target"), namedNode(targetId), null);
+
+        const policyIds = new Map<string, Set<string>>();
+        targetRules.forEach(
+            // Filter only the targets that have rules with us as assignee, or public if no assignee
+            target => {
+                // Search the rule of the target, and then the policy of the rule, only for permission (for now)
+                const rule = target.subject;
+                const matches = store.getQuads(null, ODRL("permission"), rule, null);
+                if (matches.length === 0)
+                    console.warn("out of bounds rule");
+                const policyId = matches[0].subject.id;
+
+                // We now have the policies that have our target, check if our assignee has an action to delete here
+                if (assignee === "") {
+                    // If no assignee specified, the rule is public and it has an action to be deleted, select it
+                    if (store.getQuads(rule, ODRL("assignee"), null, null).length === 0) {
+                        for (const action of actions)
+                            if (store.getQuads(rule, ODRL("action"), ODRL(action.toLowerCase()), null).length > 0) {
+                                if (!policyIds.has(policyId)) policyIds.set(policyId, new Set<string>());
+                                policyIds.get(policyId)!.add(rule.id);
+                            }
+                    }
+                } else {
+                    // Do the same, with a check if the assignee is correct
+                    if (store.getQuads(rule, ODRL("assignee"), namedNode(assignee), null).length >= 1) {
+                        for (const action of actions) {
+                            if (store.getQuads(rule, ODRL("action"), ODRL(action.toLowerCase()), null).length > 0) {
+                                if (!policyIds.has(policyId)) policyIds.set(policyId, new Set<string>());
+                                policyIds.get(policyId)!.add(rule.id);
+                            }
+                        }
+
+                    }
+                }
+            }
+        )
+
+        // 4: Delete the rule that has the matching target and permission for the matching assignee
+        for (const policyId of policyIds.keys()) {
+            for (const ruleId of policyIds.get(policyId)!) {
+                const deleteResponse = await fetch(UMA_URL(`/${encodeURIComponent(policyId)}`), {
+                    method: "PATCH",
+                    headers: {
+                        'Authorization': webId,
+                        'Content-type': 'application/sparql-update',
+                    },
+                    body: `
+    PREFIX odrl: <http://www.w3.org/ns/odrl/2/>
+
+DELETE {
+  <${ruleId}> ?p ?o .
+  ?policy odrl:permission <${ruleId}> .
+}
+WHERE {
+  OPTIONAL {
+    <${ruleId}> ?p ?o .
+  }
+  OPTIONAL {
+    ?policy odrl:permission <${ruleId}> .
+  }
+}`
+                });
+
+                if (!deleteResponse.ok) {
+                    throw new Error(`Policy deletion failed: ${deleteResponse.status}`);
+                }
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/controller/src/types/index.ts b/controller/src/types/index.ts
index 7287883..5feb781 100644
--- a/controller/src/types/index.ts
+++ b/controller/src/types/index.ts
@@ -30,6 +30,7 @@ export enum Permission {
     Control = "Control",
     Read = "Read",
     Write = "Write",
+    Create = "Create",
 }
 
 export interface BaseSubject<T extends string> {
@@ -43,6 +44,7 @@ export interface SubjectPermissions<T = BaseSubject<string>> {
     subject: T;
     permissions: Permission[];
     isEnabled: boolean;
+    targetId?: string;
 }
 
 export interface ResourcePermissions<T = BaseSubject<string>> {
diff --git a/controller/src/types/modules.ts b/controller/src/types/modules.ts
index db9b0f9..160d28f 100644
--- a/controller/src/types/modules.ts
+++ b/controller/src/types/modules.ts
@@ -126,7 +126,7 @@ export interface IPermissionManager<T = Record<string, BaseSubject<string>>> {
     createPermissions<K extends SubjectKey<T>>(resource: string, subject: T[K], permissions: Permission[]): Promise<void>
     // Does not update the index file
     editPermissions<K extends SubjectKey<T>>(resource: string, item: IndexItem, subject: T[K], permissions: Permission[]): Promise<void>
-    deletePermissions<K extends SubjectKey<T>>(resource: string, subject: T[K]): Promise<void>
+    deletePermissions<K extends SubjectKey<T>>(resource: string, subject: T[K], permissions: Permission[]): Promise<void>
     getRemotePermissions<K extends SubjectKey<T>>(resourceUrl: string): Promise<SubjectPermissions<T[K]>[]>
     /**
     * Retrieve the permissions of the resources in this container.
@@ -139,4 +139,71 @@ export interface IPermissionManager<T = Record<string, BaseSubject<string>>> {
     * This indicates if the underlying SDK automatically removes the entry from the SDK if all permissions are revoked
     */
     shouldDeleteOnAllRevoked(): boolean
+    getTargetPermissionsForUser(assignerId: string, assigneeId: string, targetId: string): Promise<Permission[]>;
+    type: string;
+}
+
+// Temporal (?) interface to represent a policy
+export interface IPolicy {
+    rules: IRule[];
+    id: string;
+}
+
+export type RuleType = 'permission' | 'prohibition' | 'duty';
+
+// Temporal (?) interface to represent a rule within a policy
+export interface IRule {
+    // What kind of rule is this
+    ruleType: RuleType;
+
+    // Every rule has one assigner represented by its webID
+    assigner: string;
+
+    // Multiple assignees possible
+    assignees: string[];
+
+    // What actions does this rule definine?
+    permissions: string[];
+
+    // target objects of the rule
+    targets: string[];
+
+    // ID
+    id: string;
+}
+
+// The interface to display the permissions for one subject on one target
+export interface ISpecificTargetInfo {
+
+    // Indicate whether its public
+    public: boolean;
+
+    // The uri of the target
+    uri: string;
+
+    // The client that has permission over this target
+    subject: string;
+
+    // the actions set to the target
+    permissions: Set<Permission>;
+}
+
+// A target can have multiple private subjects and a public subject
+export interface TargetSubjects {
+    targetUrl: string;
+
+    // The map of subject names and their permissions on this target
+    private?: Map<string, ISpecificTargetInfo>;
+
+    // The public permission settings for this target
+    public?: ISpecificTargetInfo;
+
+    // WebID of the target owner
+    assigner: string;
+
+    // The policies referring to this target
+    policies: Set<string>;
+
+    // The rules referring to this target
+    rules: Set<string>;
 }
diff --git a/loama/src/components/explorer/SubjectPermissionTable.vue b/loama/src/components/explorer/SubjectPermissionTable.vue
index ee25eb8..ac0aeb0 100644
--- a/loama/src/components/explorer/SubjectPermissionTable.vue
+++ b/loama/src/components/explorer/SubjectPermissionTable.vue
@@ -37,12 +37,6 @@
                     <LoCheck v-if="slotProps.data.permissions?.includes(Permission.Control)" />
                 </template>
             </Column>
-            <Column header="Enabled">
-                <template #body="slotProps">
-                    <ToggleSwitch v-model="slotProps.data.isEnabled"
-                        @update:modelValue="e => toggleSubjectAccess(e, slotProps.data.subject)" />
-                </template>
-            </Column>
             <Column header="">
                 <template #body="slotProps">
                     <div class="subject-actions">
@@ -74,6 +68,11 @@
                         @update:checked="checked => handleSubjectPermissionUpdates(checked, Permission.Append)">
                         {{ Permission.Append }}
                     </LoSwitch>
+                    <LoSwitch :id="Permission.Create"
+                        :default-value="selectedSubject.permissions.includes(Permission.Create)" :disabled="updating"
+                        @update:checked="checked => handleSubjectPermissionUpdates(checked, Permission.Create)">
+                        {{ Permission.Create }}
+                    </LoSwitch>
                     <LoSwitch ref="controlCheckbox" :id="Permission.Control"
                         :default-value="selectedSubject.permissions.includes(Permission.Control)" :disabled="updating"
                         @update:checked="checked => handleControlPermissionChange(checked)">
@@ -104,7 +103,7 @@ import { useToast } from 'primevue/usetoast';
 import { useConfirm } from "primevue/useconfirm";
 import ToggleSwitch from 'primevue/toggleswitch';
 
-const ALL_PERMISSIONS: Permission[] = [Permission.Read, Permission.Write, Permission.Append];
+const ALL_PERMISSIONS: Permission[] = [Permission.Read, Permission.Write, Permission.Append, Permission.Create];
 
 const selectedSubject = ref<SubjectPermissions<WebIdSubject | PublicSubject> | null>(null);
 const updating = ref(false);
diff --git a/loama/src/components/layouts/HeaderLayout.vue b/loama/src/components/layouts/HeaderLayout.vue
index 3aaf3b8..a015c7c 100644
--- a/loama/src/components/layouts/HeaderLayout.vue
+++ b/loama/src/components/layouts/HeaderLayout.vue
@@ -2,8 +2,8 @@
     <Suspense>
         <HeaderBase>
             <HeaderTab href="/home/" active>Resources</HeaderTab>
-            <HeaderTab href="/request" active>Request access</HeaderTab>
-            <HeaderTab href="/inbox" active>Access Requests</HeaderTab>
+            <!-- <HeaderTab href="/request" active>Request access</HeaderTab>
+            <HeaderTab href="/inbox"active>Access Requests</HeaderTab> -->
         </HeaderBase>
     </Suspense>
     <router-view />
diff --git a/loama/src/components/subjectForms/Public.vue b/loama/src/components/subjectForms/Public.vue
index a089c2b..66b8560 100644
--- a/loama/src/components/subjectForms/Public.vue
+++ b/loama/src/components/subjectForms/Public.vue
@@ -1,3 +1,9 @@
+<template>
+  <!-- We get warnings without a template -->
+  <div style="display: none;"></div>
+</template>
+
+
 <script setup lang="ts">
 import { usePodStore } from '@/lib/state';
 import { Permission, activeController } from 'loama-controller';
diff --git a/loama/src/lib/state.ts b/loama/src/lib/state.ts
index 1e4fd60..8b787e7 100644
--- a/loama/src/lib/state.ts
+++ b/loama/src/lib/state.ts
@@ -21,7 +21,7 @@ export const usePodStore = defineStore("pod", {
             return state.podEntries.map(resourcePermissions => {
                 const uri = resourcePermissions.resourceUrl.replace(store.usedPod, '');
                 const isContainer = uri.charAt(uri.length - 1) === '/'
-                const name = uriToName(uri, isContainer);
+                const name = uri//uriToName(uri, isContainer);
                 const publicAccess = (resourcePermissions.permissionsPerSubject.find(s => s.subject.type === "public")?.permissions.length ?? 0) > 0;
                 return {
                     isContainer,
@@ -38,13 +38,14 @@ export const usePodStore = defineStore("pod", {
     actions: {
         async loadResources(url: string) {
             this.podEntries = (await activeController.getContainerPermissionList(url))
-                // Filter out the current resource
-                .filter(entry => entry.resourceUrl !== url)
-                // Filter out the things that are nested (?)
-                .filter(entry => {
-                    const depth = entry.resourceUrl.replace(url, '').split('/');
-                    return depth.length <= 2;
-                })
+            // Filter out the current resource
+            // .filter(entry => entry.resourceUrl !== url)
+            // Filter out the things that are nested (?)
+            // .filter(entry => {
+            //     const depth = entry.resourceUrl.replace(url, '').split('/');
+            //     console.log(depth);
+            //     return depth.length <= 2;
+            // })
         },
         async refreshEntryPermissions() {
             if (!this.selectedEntry) {
diff --git a/loama/src/lib/utils.ts b/loama/src/lib/utils.ts
index 6fba494..c02913e 100644
--- a/loama/src/lib/utils.ts
+++ b/loama/src/lib/utils.ts
@@ -8,7 +8,7 @@ export const uriToName = (uri: string, isContainer: boolean) => {
 
 export const debounce = (fn: Function, wait: number) => {
     let timer: NodeJS.Timeout;
-    return function(...args: any[]) {
+    return function (...args: any[]) {
         if (timer) {
             clearTimeout(timer); // clear any pre-existing timer
         }
@@ -25,4 +25,5 @@ export const allPermissions = [
     Permission.Write,
     Permission.Append,
     Permission.Control,
+    Permission.Create,
 ]
diff --git a/loama/src/views/RequestView.vue b/loama/src/views/RequestView.vue
index 4faccba..7e80382 100644
--- a/loama/src/views/RequestView.vue
+++ b/loama/src/views/RequestView.vue
@@ -69,6 +69,7 @@ const requestedPermissions = ref({
     [Permission.Write]: false,
     [Permission.Append]: false,
     [Permission.Control]: false,
+    [Permission.Create]: false,
 })
 
 const accessRequestNodeToTreeNode = (key: string, node: ResourceAccessRequestNode): TreeNode => {
diff --git a/uma-loama.md b/uma-loama.md
new file mode 100644
index 0000000..04b9a3f
--- /dev/null
+++ b/uma-loama.md
@@ -0,0 +1,113 @@
+# Linked Open Access Management Application with UMA
+
+This documentation describes the important changes made to transform Loama into an ODRL-policy based access management application. 
+
+## App Structure
+
+The app follows a three-layered structure: The **controller**, the **managers** and the **policy handlers**.
+
+![Brief app structure](assets/loama-short.drawio.png "App structure")
+
+The **controller** contains the high level operations that Loama provides. These operations include editing (adding/removing) permissions, retrieving permission information for each target, and managing subjects. Other functionalities, such as access requests, are outside the scope of these changes. 
+
+To support different subjects (public and webID), the controller uses the same preconfigured managers and resolvers. Each manager and resolver handles tasks specific to one subject type. Common functionality shared between managers is grouped in a base class called `InruptPermissionManager.ts`. 
+
+To keep the manager codebase concise, they delegate policy-related tasks to helper classes: `PolicyParser`, `PolicyInterpreter` and `PolicyService`. These provide the foundational logic needed by the managers. The only class that interacts with the UMA Authorization Server (AS) is the `PolicyService`
+
+![Full app structure](assets/loama-extended.drawio.png "Full app structure")
+
+
+### Policy Helper Classes
+
+This section describes the implementation of the `PolicyParser`, `PolicyInterpreter` and `PolicyService`. These classes do not follow the generic type system as used in the rest of the controller-structure.
+
+#### PolicyParser
+
+The `PolicyParser` is used to convert text into an `N3.store`. It assumes the text is in Turtle format, as that is the format returned by the UMA server. The class exposes one parsing method.
+
+#### PoliyInterpreter
+
+The `PolicyInterpreter` is the class that extracts the necessary information out of a given `N3.Store`. It contains one helper function, and two main functions:
+- `ownedPoliciesToObject`: Get every policy for the logged on client, and group them by target. Return an information object for each target to indicate who has what permission, as documented in the code.
+- `permissionsForOneResource`: Use the `ownedPoliciesToObject` with a specified target. This retrieves permission information for one single target.
+- `extractQuadsRecursive`: Helper function to get all information about a subject with recursive depth, used in `ownedPoliciesToObject`.
+
+#### PolicyService
+
+The `PolicyService` is used to make the required UMA server calls. Its main responsibilities are retrieving policies, inserting atomic permission rules and deleting them. The URL to the UMA AS-server is hard-coded, but will be replaced once a better solution is found.
+
+- `fetchPolicies`: Retrieve every policy that you own, and turn it into an N3 store.
+- `fetchOnePolicy`: Retrieve one specific policy as an N3 store.
+
+- `insertActionRule`: Given the target ID, the permissions to add and the specified subject, create a new rule for every action to be inserted. The new rules contain the logged on client as the assigner, the new subject as assignee (or none if no subject was specified, this means the subject is public), the target ID as odrl:target and the action to be inserted as odrl:action. The rule is inserted in an existing policy, or a new policy is created when this target did not have a policy before.
+
+    There are some things to be considered about this function.
+    1. It currently generates a random policy (if needed) and rule ID, but does not check if it already exists. The chances are slim that this happens, but not zero.
+    2. The current version will always PATCH, since there will always be a policy for the target (otherwise it would not be displayed in the first place). The POST exists in case something went wrong.
+
+- `deleteActionRule`: Given the target ID, the permissions to be deleted and the specified subject, remove the atomic rules where the subject has these permissions for this target. 
+
+    This function also has many things to consider.
+    1. It first fetches and parses every policy of the logged on client. It then finds every policy where the subject has one of the permissions to delete. After this, it performs a query that tracks the rules to delete from every policy.
+    This is a lot of work, because the UMA server is very policy-oriented. We first need to extract the policies, to send the PATCH to `/policies/<encodedPolicyId>`. An idea could be to add target-oriented/rule-oriented features to the server. 
+
+    2. When every rule is deleted from a policy, the current implementation can still contain some 'dangling triples'. These are triples that contain information about a policy that does not have any rules anymore. This can be fixed by an extra step. After the deletion of every permission rule, we could GET every policy again, and look if there are any rules left in there. If not, we could DELETE the policy. This is also some work, so we are currently looking for better solutions.
+
+    3. Although it seems quite impossible, things like sparql-injection might need more attention
+
+##### Using PATCH to our advantage
+LOAMA previously required explicit **refresh** calls to stay in sync after edits. With our UMA AS-server, this is no longer needed: the PATCH response returns the updated state, which can be passed through directly instead of triggering redundant GET calls.
+
+### Managers
+
+The main managers are the `InruptPermissionManager`, the `WebIdManager` and the `PublicManager`. They contain the logic to perform the client-side operations on the policies.
+
+#### InruptPermissionManager
+This manager handles functionality shared across all subject types. The methods in this manager are the following:
+- `getContainerPermissionList`: Get every target where you are the assigner of its policy. Since we need every target, independent of the subject, it could be placed here.
+It is to be said that the meaning of this function changed. The old implementation fetched the permissions for one specific container, we fetch it from the logged on user. This makes the argument `containerUrl: string` redundant. The argument `resourceToSkip: string[] = []` has been ignored, since no useful purpose of this was found.
+
+There are also functions here where it would make more sense to move them to their specific subject manager.
+- `getRemotePermissions`: Get the permissions for one single target. We do retrieve the information in a way that we get every subject, but we need to handle those subjects in the common managers. This means adding a new subject would require changes in the common manager, which would be cleaner if moved to the separate managers.
+- `getTargetPermissionsForUser`: A specific version of getRemotePermissions, where we are only interested in the permissions for one user on one target. This must be moved to the underlying managers. This function will probably be removed in the future. 
+
+#### Subejct-Specific Managers
+Because most of the work is done in the `PolicyService` and `PolicyInterpreter`, there is no big implementation in the WebID and Public Manager. Their `createPermissions` and `deletePermissions` functions are one-liners, and the `editPermissions` is not actually needed in this implementation. 
+
+### Controller
+High level logic is implemented in the controller. It uses the managers to delegate the main functionality of the application. The functions that remained unchanged are:
+- `getSubjectConfig`: Given a subject, return is its configuration (manager, resolver).
+- `getExistingRemotePermissions`: Given a resource and a subject, get the list of permissions of that subject for the resource.
+- `AccessRequest`: Returns the IAccessRequest
+- `getLabelForSubject`: Uses the resolver of the subject to return its label.
+- `isSubjectSupported`: Check if there is a configuration that supports the subject type.
+
+
+The functions that have a new implementations are the following:
+- `addPermission`: The new implementation became very short:
+    1. Let the specific manager create the permission for the subject.
+    2. Even though the server already returns an updated version, we cannot return this in the current interface. We just fetch the new permissions using  `getTargetPermissionsForUser` from the manager, which we might change to the `getExistingRemotePermissions` from the controller.
+- `removePermission`: Works exactly the same as `addPermission`, uses the deletePermissions function from the manager.
+- `getContainerPermissionList`: This is nothing but a call to the manager's `getContainerPermissionList` function. Its implementation has been reduced a lot, but the current way is not clean. Because we know that we only need one manager to get every target and their permission info, we need to force our way to get only one. We do this by getting the public configuration, even though the controller is not exactly sure that this one exists. This works, because we know it exists. It's not a good solution and should be replaced, even though it works fine.
+- `getResourcePermissionList`: Works exactly the same as `getContainerPermissionList`, it just calls the `getRemotePermissions`.
+- `getItem`: Get the permission information for a subject on a resource. It works fine, but the ID and request ID are not present (since we have not implemented them).
+- `removeSubject`: Remove all permissions for a subject. We first collect the permissions for one user, and then we go on and delete them.
+
+The functions that we do not need in the new implementation are:
+- `getExistingPermissions`: Our implementation always gets the data straight from the server. This function was used in the index-context, which has been replaced by the UMA AS-server.
+- `updateItem`: This function was used to set certain permissions for a target. Because our functionality only uses `addPermission` and `removePermission`, no `updateItem` is necessary. 
+- `enablePermissions`/`disablePermissions`: We have removed the old implementation, and have no interest to find a way to implement this the odrl way.
+- Index related functions that we no longer need:
+    - `setPodUrl`
+    - `unsetPodUrl`
+    - `getOrCreateIndex`
+
+    The downside of these functions is the fact that the front end still uses some, but they don't need to anymore. This causes some side effects that need to be looked at in more detail.
+
+
+## Impact of UMA
+The introduction of the UMA server to this project reduced the controller and manager side significantly. It introduced independent classes to handle the server calls (PolicyService) and to turn policies into the format required by the frontend (PolicyInterpreter). 
+
+Because the most important part of the logic is implemented in those independent classes, the managers and controllers take on a delegating role. The reason why it's still important to have them, is to separate concerns:
+- The controller contains top level, generic functionality. They just need to call the right managers based on the relevant subjects. The controller does not have any direct contact to the independent Policy helper classes.
+- Managers contain specific functionality. They are in direct contact with the Policy Helper classes.
\ No newline at end of file