session-based-access-control-pattern


Session-Based Access Control Security Pattern

Combines session-based authentication (opaque tokens) with authorization. The subject is first authenticated via its session ID, then authorized based on its principal's privileges before the action executes.

Core Components

| Role | Type | Responsibility |
|------|------|----------------|
| Subject | Entity | Requests actions with session ID |
| Authentication Enforcer | Enforcement Point | Verifies session ID |
| Verifier | Decision Point | Validates session, retrieves principal |
| Session Manager | Entity | Maintains open sessions |
| Session ID Generator | Cryptographic Primitive | Generates secure session IDs |
| Authorisation Enforcer | Enforcement Point | Checks action authorization |
| Decider | Decision Point | Makes authorization decisions |
| Policy Provider | Information Point | Manages access policies |
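
The components above wired together in request order, as an added example that is not code from this skill. All names (SessionManager, POLICY, decide, handle), the 15-minute lifetime and the sample policy are assumptions made for illustration, and the Verifier is folded into the session store to keep the sketch short.

```python
import secrets
import time

class SessionManager:
    """Session Manager: maintains open sessions (session ID -> principal, expiry)."""
    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._sessions = {}

    def open(self, principal, now=None):
        # Session ID Generator: 256 bits from the OS CSPRNG, carries no user data.
        sid = secrets.token_urlsafe(32)
        issued = now if now is not None else time.time()
        self._sessions[sid] = (principal, issued + self.ttl)
        return sid

    def close(self, sid):
        self._sessions.pop(sid, None)

    def verify(self, sid, now=None):
        # Verifier: validate the session and return its principal, or None.
        entry = self._sessions.get(sid) if isinstance(sid, str) else None
        if entry is None:
            return None
        principal, expires = entry
        if (now if now is not None else time.time()) >= expires:
            self.close(sid)  # expired sessions are removed, not just ignored
            return None
        return principal

# Policy Provider: constructed sample policy, principal -> permitted actions.
POLICY = {"alice": {"report:read", "report:write"}, "bob": {"report:read"}}

def decide(principal, action, policy=POLICY):
    # Decider: default deny; unknown principals and actions get no access.
    return action in policy.get(principal, set())

def handle(sessions, sid, action, now=None):
    """Runs both enforcement points in order; returns (HTTP-style status, detail)."""
    principal = sessions.verify(sid, now)   # Authentication Enforcer
    if principal is None:
        return 401, "no valid session"
    if not decide(principal, action):       # Authorisation Enforcer
        return 403, "action not permitted"
    return 200, f"{action} executed for {principal}"
```

The authorization decision uses only the principal returned by the session lookup, never an identity supplied in the request.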

Data Elements

First Seen
Feb 19, 2026