Users

Users represent actors within the service, either as clients or internal systems.

User {
    Handle     :sequence
    PublicKey  :TBD
    PrivateKey :TBD

    Groups     :list{Group.Membership}
    Group      :natural  # index into Groups
}

@User Header {
    Type :block{1}
    # [0:1] System
    # [1:1] Managed
}

Properties

Handle

Handles are public, user-generated text sequences that, along with the host domain, uniquely identifies the user.

Handles are used instead of display names where ambiguity is prohibited, such as in web addresses.

Users may change handles in accordance with domain policy, after which the user enters a cooldown period and the old handle is reserved for a specified duration.

Public Key

The public key is a persistent code provided to external applications to identify the user.

Private Key

The private key validates the server's authority over the user to external applications.

Groups

In addition to the default User group, users may belong to one or more groups.

Each user has a primary group, which determines how their account is displayed.

See: Groups

Management

Unmanaged

Unmanaged users have full authority over their accounts, including configuration and migration.

This user scheme is suitable for public communities where accounts are voluntary and personal.

Managed

Managed users are created and managed by administrators, who specify what authority a user has over their account.

This user scheme is suitable for organizations where accounts are granted as part of membership.

System

System users are created manually by administrators or automatically by module configurations.

Unlike regular users, system users lack profiles and groups.

Automatically created users may specify privilege dependencies but these are not automatically granted.

SystemUser {
    Name :sequence

    Privileges :TBD
}