blob: ec5897f827600c4ae499df9c68ae7dbc1166cd9e [file] [log] [blame]
// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package role defines an interface for requesting blessings from a role
// account server.
package role
import "v.io/v23/security"
// Role is an interface to request blessings from a role account server. The
// returned blessings are bound to the client's public key thereby authorizing
// the client to acquire the role. The server may tie the returned blessings
// with the client's presented blessing name in order to maintain audit
// information in the blessing.
//
// In order to avoid granting role blessings to all delegates of a principal,
// the role server requires that each authorized blessing presented by the
// client have the string "_role" as suffix.
type Role interface {
SeekBlessings() (security.WireBlessings | error)
}
// Role.SeekBlessings will return an error if the requestor does not present
// blessings that end in this suffix.
const RoleSuffix = "_role"