| // Copyright 2015 The Vanadium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| // Package role defines an interface for requesting blessings from a role |
| // account server. |
| package role |
| |
| import "v.io/v23/security" |
| |
| // Role is an interface to request blessings from a role account server. The |
| // returned blessings are bound to the client's public key thereby authorizing |
| // the client to acquire the role. The server may tie the returned blessings |
| // with the client's presented blessing name in order to maintain audit |
| // information in the blessing. |
| // |
| // In order to avoid granting role blessings to all delegates of a principal, |
| // the role server requires that each authorized blessing presented by the |
| // client have the string "_role" as suffix. |
| type Role interface { |
| SeekBlessings() (security.WireBlessings | error) |
| } |
| |
| // Role.SeekBlessings will return an error if the requestor does not present |
| // blessings that end in this suffix. |
| const RoleSuffix = "_role" |
