A new trend in pervasive personal server hosting is to integrate a user's
social spheres. Ideally, the design of access control to private data should
be flexible and independent of the target host. Personal data should also
remain independent of environmental constraints, e.g., to support easy
migration to new deployment landscapes. Such information interoperability
can be achieved by ontology-based management of the personal information
sphere. In the digital.me project, personal data is modelled using an
ontology-based approach. In this paper we address the design and first
implementation of the digital.me userware access control engine. We
introduce a two-level access control design that decouples the
ontology-based semantic core from the hosting web container, so that personal
data and the associated ontology-based access rights remain independent of
the underlying environment.
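To make the two-level split concrete, the following is an added illustration written for this page; it is not code from the digital.me project and does not use its ontology or API. Level 1 is a host-independent semantic core in which personal data, social spheres and access rights are all RDF-style triples (the `ex:` predicates, the inclusion relation between spheres and the sample data are assumptions for the example). Level 2 consists of thin host adapters (a web-container adapter keyed on a session cookie and a local adapter keyed on an OS account, both assumed shapes) that only translate the host's principal and resource into ontology identifiers and delegate the decision. Exporting the triples and reloading them under a different adapter shows that the access rights migrate with the data.

```python
"""Two-level access control sketch (illustrative; ex: vocabulary, adapter
interfaces and sample data are assumptions, not the digital.me ontology)."""
from typing import Dict, Iterable, List, Set, Tuple

Triple = Tuple[str, str, str]

# Assumed vocabulary.
MEMBER_OF = "ex:memberOf"   # (person, ex:memberOf, sphere)
INCLUDES = "ex:includes"    # (sphere, ex:includes, narrowerSphere)
OWNED_BY = "ex:ownedBy"     # (resource, ex:ownedBy, person)
GRANT = {"read": "ex:readableBy", "write": "ex:writableBy"}  # (resource, p, sphere)


class SemanticCore:
    """Level 1: triple store plus access decision; knows nothing about hosts."""

    def __init__(self, triples: Iterable[Triple] = ()) -> None:
        self.triples: Set[Triple] = set(triples)

    def objects(self, s: str, p: str) -> Set[str]:
        return {o for (s2, p2, o) in self.triples if s2 == s and p2 == p}

    def subjects(self, p: str, o: str) -> Set[str]:
        return {s for (s, p2, o2) in self.triples if p2 == p and o2 == o}

    def spheres_of(self, person: str) -> Set[str]:
        """Direct spheres, widened through ex:includes: if Friends includes
        Family, a Family member is also reachable when sharing with Friends."""
        seen: Set[str] = set()
        frontier = set(self.objects(person, MEMBER_OF))
        while frontier:
            sphere = frontier.pop()
            if sphere in seen:
                continue
            seen.add(sphere)
            frontier |= self.subjects(INCLUDES, sphere)
        return seen

    def decide(self, person: str, right: str, resource: str) -> bool:
        """Owner may do anything; otherwise the resource must grant the right
        to a sphere the person belongs to. Unknown rights are denied."""
        if person in self.objects(resource, OWNED_BY):
            return True
        predicate = GRANT.get(right)
        if predicate is None:
            return False
        return bool(self.objects(resource, predicate) & self.spheres_of(person))

    def export(self) -> List[Triple]:
        """Data and rights are the same triples, so this is all a migration needs."""
        return sorted(self.triples)


class HttpAdapter:
    """Level 2 for a web container: cookie -> person, method -> right,
    path -> resource URI. Holds no policy of its own."""

    def __init__(self, core: SemanticCore, sessions: Dict[str, str]) -> None:
        self.core, self.sessions = core, sessions

    def handle(self, method: str, path: str, headers: Dict[str, str]) -> int:
        raw = headers.get("Cookie", "").split(";")
        cookies = dict(c.strip().split("=", 1) for c in raw if "=" in c)
        person = self.sessions.get(cookies.get("sid", ""))
        if person is None:
            return 401
        right = "read" if method in ("GET", "HEAD") else "write"
        resource = "ex:" + path.strip("/")   # assumed path-to-URI mapping
        return 200 if self.core.decide(person, right, resource) else 403


class LocalAdapter:
    """Level 2 for a non-web host (e.g. a desktop agent): OS account -> person."""

    def __init__(self, core: SemanticCore, accounts: Dict[str, str]) -> None:
        self.core, self.accounts = core, accounts

    def check(self, os_user: str, right: str, resource: str) -> bool:
        person = self.accounts.get(os_user)
        return person is not None and self.core.decide(person, right, resource)


# Constructed sample data: alice owns photo1 and shares it read-only with
# Friends; bob is Family (included in Friends); carol is only a Colleague.
SAMPLE: List[Triple] = [
    ("ex:bob", MEMBER_OF, "ex:Family"),
    ("ex:carol", MEMBER_OF, "ex:Colleagues"),
    ("ex:Friends", INCLUDES, "ex:Family"),
    ("ex:photo1", OWNED_BY, "ex:alice"),
    ("ex:photo1", GRANT["read"], "ex:Friends"),
]


def build_demo() -> Tuple[SemanticCore, HttpAdapter, LocalAdapter]:
    core = SemanticCore(SAMPLE)
    web = HttpAdapter(core, {"s1": "ex:bob", "s2": "ex:carol"})
    # Migrated copy: same triples, different host, same decisions.
    local = LocalAdapter(SemanticCore(core.export()), {"bob": "ex:bob"})
    return core, web, local


if __name__ == "__main__":
    core, web, local = build_demo()
    print(web.handle("GET", "/photo1", {"Cookie": "sid=s1"}),
          web.handle("PUT", "/photo1", {"Cookie": "sid=s1"}),
          local.check("bob", "read", "ex:photo1"))
```

The point of the split is that every environment-specific fact (cookie format, HTTP method semantics, path layout, OS account names) lives in an adapter, while the sphere membership and grants live with the data; swapping the web container for a local agent, or moving the triples to a new host, changes no access decision.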