A new trend in pervasive personal server hosting is to enable the integration of a user's social spheres. Ideally, the design of access control to private data should be flexible and independent from the target host. Personal data should also remain independent from environmental constraints, e.g., in order to support easy migration to new deployment landscapes. Such information interoperability can be achieved by ontology-based personal information sphere management. In the digital.me project, personal data is modelled using an ontology-based approach. In this paper we address the design and first implementation of the digital.me userware access control engine. Here, we introduce a two-level access control design in order to decouple the ontology based-semantic core from the hosting web container, while ensuring that personal data and the associated ontology-based access rights remain flexibly decoupled from the underlying environment.