Caller → Router: Session Creation Authorization
Maintainer requirement: authenticate the caller and check policy: who can create sessions in which namespaces, including limits/quotas.
What this demonstrates
- AuthN: caller identity is authenticated (JWT / API key)
- AuthZ: role in namespace authorizes create_session
- Quota: namespace session quota prevents abuse
- Fail-secure: deny by default if any step fails
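
The four steps above can be sketched as a single policy function. This is an added example, not the project's own code: the key store, role bindings, quota numbers and all names (`check_create_session`, `Decision`, the `team-a`/`team-b` namespaces) are hypothetical, and an API key lookup stands in for whichever credential type (JWT or API key) the router accepts.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample data: key hashes, role bindings and quotas are hypothetical.
API_KEY_HASHES = {hashlib.sha256(b"alice-key").hexdigest(): "alice",
                  hashlib.sha256(b"bob-key").hexdigest(): "bob"}
ROLE_BINDINGS = {("alice", "team-a"): "editor", ("bob", "team-a"): "viewer",
                 ("alice", "team-b"): "editor"}
ROLE_PERMISSIONS = {"editor": {"create_session"}, "viewer": set()}
QUOTAS = {"team-a": 2, "team-b": 0}           # max live sessions per namespace
ACTIVE_SESSIONS = {"team-a": 1, "team-b": 0}  # current live sessions

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str

def authenticate(api_key):
    """Return the caller identity for a presented key, or None if unknown."""
    digest = hashlib.sha256(api_key.encode()).hexdigest()
    caller = None
    for known, name in API_KEY_HASHES.items():
        # Constant-time comparison of the stored and presented key hashes.
        if hmac.compare_digest(known, digest):
            caller = name
    return caller

def check_create_session(api_key, namespace):
    """AuthN -> AuthZ -> quota; any failed step or unexpected error denies."""
    try:
        caller = authenticate(api_key)
        if caller is None:
            return Decision(False, "authn: unknown credential")
        role = ROLE_BINDINGS.get((caller, namespace))
        if role is None or "create_session" not in ROLE_PERMISSIONS[role]:
            return Decision(False, "authz: role does not permit create_session")
        if ACTIVE_SESSIONS[namespace] >= QUOTAS[namespace]:
            return Decision(False, "quota: namespace session limit reached")
        return Decision(True, f"allow: {caller} in {namespace}")
    except Exception:
        # Fail-secure: malformed input or missing policy data ends in a deny.
        return Decision(False, "error: denied by default")
```

In a real router the quota check and the session-count increment have to happen atomically, otherwise concurrent requests can both pass the check and exceed the limit.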