Saml:SamlRoles

SAML Roles used in PAWN

A more up to date list of these roles can always be found in the SAMLRoles source file in the pawn-ws-sec project.

• urn:pawn:role:user_ - pawn client, standard user w/ no administrative or management priviledge

• urn:pawn:role:manager - domain manager, if a client presents this, you usually check the authority uri in the certificate to make sure the assertion domain matches the domain where the user is trying to act.

• urn:pawn:role:administrator - global administrator, usually this should only be trusted from select authorities

• urn:pawn:role:scheduler - system role for schedulers talking to receiving servers and possibly managers, this should be restricted to certain authorities.

-- Main.MikeSmorul - 12 Sep 2005