Access control on the web varies widely, but its most common form is a role-based access list.

In brief, every identified user may be given any number of usergroups and any number of user-individual access rights. Each usergroup can in turn be given any number of access rights. Usergroups are always additive: if usergroup A has the rights X and Y and usergroup B has the rights X and Z, a user in both usergroup A and B will have the rights X, Y and Z. Every access right can be arbitrarily assigned to low-level or high-level actions, any of which may or may not carry prerequisites (such as the in-built 'democratic' modifier, which requires other members of the usergroup to agree).
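An added example (not code from the original page or from Sanctuary) of the additive usergroup model described above, with a default-deny check on actions. The `ACTIONS` table, the user names, and the reading of 'democratic' as a strict majority of the other members of a granting usergroup are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)
    rights: set = field(default_factory=set)    # user-individual rights

# Constructed sample data mirroring the A/B example in the text.
GROUP_RIGHTS = {"A": {"X", "Y"}, "B": {"X", "Z"}}
# Hypothetical action table: action -> (required right, prerequisite or None).
ACTIONS = {"read_log": ("Y", None), "ban_user": ("Z", "democratic")}

def effective_rights(user):
    """Individual rights plus the union of all usergroup rights (additive)."""
    rights = set(user.rights)
    for group in user.groups:
        rights |= GROUP_RIGHTS.get(group, set())  # unknown group grants nothing
    return rights

def may_perform(user, action, all_users, approvals=frozenset()):
    """Default-deny check. approvals is the set of user names that agreed."""
    if action not in ACTIONS:
        return False
    right, prerequisite = ACTIONS[action]
    if right not in effective_rights(user):
        return False
    if prerequisite is None:
        return True
    if prerequisite != "democratic":
        return False                              # unknown modifier: fail closed
    # Assumption: a strict majority of the *other* members of at least one
    # usergroup that grants the right must agree; the requester never counts.
    for group in user.groups:
        if right not in GROUP_RIGHTS.get(group, set()):
            continue
        others = {u.name for u in all_users if group in u.groups} - {user.name}
        if others and len(others & set(approvals)) * 2 > len(others):
            return True
    return False

alice = User("alice", {"A", "B"})
bob = User("bob", {"B"})
carol = User("carol", {"B"})
dave = User("dave", {"A"}, {"Z"})               # holds Z individually only
USERS = [alice, bob, carol, dave]
```

Under these assumptions a right held only as an individual grant cannot satisfy the 'democratic' prerequisite, because no usergroup exists whose members could agree, so the check fails closed.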

Common access rights

Common usergroups

Guest / User:

Guide:

Gamemaster:

Moderator:

Admin:

Founder:

Authentication

Actual user authentication (i.e. determining the identity of a user) varies strongly between servers. Sanctuary (re)identifies users on connection to a Fragment using their hostmask and an automated challenge-response handshake that requires access to the user's private key, and it maintains a session for as long as the user remains in the Fragment. This is true for Denizens (which are expected to have a localhost hostmask) as well as Citizens. Autonomous Puppets are free to move between Fragments, but foreign autonomous Puppets are authenticated on connection with Sanctuary as a whole.