diff --git a/server-go/collection/entity.go b/server-go/collection/entity.go
new file mode 100644
index 00000000..4ff7f96f
--- /dev/null
+++ b/server-go/collection/entity.go
@@ -0,0 +1,34 @@
+package collection
+
+import (
+	"github.com/riotkit-org/backup-repository/config"
+	"github.com/riotkit-org/backup-repository/security"
+)
+
+type StrategySpec struct {
+	KeepLastOlderNotMoreThan string `json:"keepLastOlderNotMoreThan"`
+	MaxOlderCopies           int    `json:"maxOlderCopies"`
+}
+
+type BackupWindow struct {
+	From     string `json:"from"`
+	Duration string `json:"duration"`
+}
+
+type BackupWindows []BackupWindow
+
+type Spec struct {
+	Description       string                     `json:"description"`
+	FilenameTemplate  string                     `json:"filenameTemplate"`
+	MaxBackupsCount   int                        `json:"maxBackupsCount"`
+	MaxOneVersionSize string                     `json:"maxOneVersionSize"`
+	MaxCollectionSize string                     `json:"maxCollectionSize"`
+	Windows           BackupWindows              `json:"windows"`
+	StrategyName      string                     `json:"strategyName"`
+	StrategySpec      StrategySpec               `json:"strategySpec"`
+	AccessControl     security.AccessControlList `json:"accessControl"`
+}
+
+type Collection struct {
+	Metadata config.ObjectMetadata `json:"metadata"`
+}
diff --git a/server-go/docs/examples/collection.yaml b/server-go/docs/examples/collection.yaml
index 143c35ea..933a3594 100644
--- a/server-go/docs/examples/collection.yaml
+++ b/server-go/docs/examples/collection.yaml
@@ -5,7 +5,7 @@ metadata:
     name: iwa-ait
 spec:
     description: IWA-AIT website files
-    filename: iwa-ait.tar.gz
+    filenameTemplate: iwa-ait-${version}.tar.gz
     maxBackupsCount: 5
     maxOneVersionSize: 10G
     maxCollectionSize: 55G
@@ -16,12 +16,12 @@ spec:
           duration: 1h
 
     # fifo, fifo-plus-older
-    strategy: fifo-plus-older
+    strategyName: fifo-plus-older
     strategySpec:
         keepLastOlderNotMoreThan: 5d
         maxOlderCopies: 2
 
     accessControl:
-        - name: admin
+        - userName: admin
           roles:
               - collectionManager
diff --git a/server-go/docs/examples/dynamic/access.yaml b/server-go/docs/examples/dynamic/access.yaml
index 10d87d9a..499f25b9 100644
--- a/server-go/docs/examples/dynamic/access.yaml
+++ b/server-go/docs/examples/dynamic/access.yaml
@@ -1,12 +1,7 @@
----
-apiVersion: backups.riotkit.org/v1alpha1
-kind: GrantedAccess
-metadata:
-    # hash of the JWT
-    name: 39671096ba800ca9b238c7c01b053fa0d5d09ca3151e050d148ddfffaefa9466ceba75d47c2098a0f72110aea4deeb24f6cd1b31f27e27aa6fe7b82dad956049
-spec:
-    user: admin
-    expiresAt: "2022-01-01 08:00"
-    active: true
-    description: "Temporary token for single file upload"
-    requesterIP: "1.2.3.4"
+# hash of the JWT
+id: 39671096ba800ca9b238c7c01b053fa0d5d09ca3151e050d148ddfffaefa9466ceba75d47c2098a0f72110aea4deeb24f6cd1b31f27e27aa6fe7b82dad956049
+user: admin
+expiresAt: "2022-01-01 08:00"
+active: true
+description: "Temporary token for single file upload"
+requesterIP: "1.2.3.4"
diff --git a/server-go/docs/examples/dynamic/version.yaml b/server-go/docs/examples/dynamic/version.yaml
index 46afce44..6c8a9ddb 100644
--- a/server-go/docs/examples/dynamic/version.yaml
+++ b/server-go/docs/examples/dynamic/version.yaml
@@ -1,14 +1,6 @@
----
-apiVersion: backups.riotkit.org/v1alpha1
-kind: BackupVersion
-metadata:
-    name: iwa-ait-1
-    labels:
-        backups.riotkit.org/collection: iwa-ait
-spec:
-    selector:
-        name: iwa-ait
-    version: 1
-    filename: iwa-ait-v1.tar.gz
-    uploadDate: "2022-01-01 06:30"
-    uploadedBy: admin
+name: 7a9ecd01-8dec-4be2-8ece-e2a6047e4ffd
+collectionId: iwa-ait
+version: 1
+filename: iwa-ait-v1.tar.gz
+uploadDate: "2022-01-01 06:30"
+uploadedBy: admin
diff --git a/server-go/security/entity.go b/server-go/security/entity.go
index fa23d284..957e9b70 100644
--- a/server-go/security/entity.go
+++ b/server-go/security/entity.go
@@ -6,6 +6,10 @@ import (
 	"time"
 )
 
+//
+// User permissions
+//
+
 type Permissions []string
 
 func (p Permissions) HasRole(name string) bool {
@@ -22,6 +26,17 @@ func (p Permissions) has(name string) bool {
 	return false
 }
 
+//
+// Permissions for objects
+//
+
+type AccessControlObject struct {
+	UserName string        `json:"userName"`
+	Roles    []Permissions `json:"roles"`
+}
+
+type AccessControlList []AccessControlObject
+
 //
 // GrantedAccess stores information about generated JWT tokens (successful logins to the system)
 //