Principal — sealed authenticated-actor identity.
A Principal is an authenticated actor: a user, a service, or anonymous.
Every cross-boundary invocation has exactly one immediate-caller principal
that the framework auto-stamps. Activations receive a &Principal; they
cannot construct one.
Per AUTHZ-0 §“The sealed-type pattern” (and the same protections enumerated
in verified_user.rs):
- No fabrication. Constructors are crate-private.
- No backdoor From/Into. Orphan rules forbid foreign-trait impls for this foreign type from a third crate.
- No accidental Default. Not derived; a default would be ambiguous between anonymous and verified-anonymous.
- No leaky Deserialize. Not derived; raw JSON cannot fabricate one.
- No mutation. Fields are private; only accessors expose data.
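The protections listed above, as an added Rust sketch that is not this crate's own code: the module `framework` stands in for the crate boundary, and `Sealed`, `dispatch`, `whoami` and the field layout are hypothetical names chosen for illustration.

```rust
// Added sketch; not the crate's source. `mod framework` stands in for the crate,
// so `pub(super)` plays the role of crate-private (`pub(crate)`) constructors.
mod framework {
    pub mod identity {
        // Deliberately no Default, Deserialize, From or Into.
        #[derive(Debug, Clone, PartialEq, Eq)]
        pub struct ServiceIdentity { name: String } // private field: no struct literal outside
        impl ServiceIdentity {
            pub fn name(&self) -> &str { &self.name } // read-only accessor
        }
        #[derive(Debug, Clone, PartialEq, Eq)]
        pub struct Sealed(()); // private unit field keeps Anonymous unforgeable too
        #[derive(Debug, Clone, PartialEq, Eq)]
        pub enum Principal { Service(ServiceIdentity), Anonymous(Sealed) }
        impl Principal {
            pub(super) fn service(name: &str) -> Self {
                Principal::Service(ServiceIdentity { name: name.to_owned() })
            }
            pub(super) fn anonymous() -> Self { Principal::Anonymous(Sealed(())) }
            pub fn service_name(&self) -> Option<&str> {
                match self { Principal::Service(s) => Some(s.name()), _ => None }
            }
        }
    }
    use self::identity::Principal;
    // Hypothetical dispatcher: stamps the caller from the auth layer's verdict
    // and lends the activation a shared reference only.
    pub fn dispatch<F: Fn(&Principal) -> String>(verified: Option<&str>, activation: F) -> String {
        let caller = verified.map_or_else(Principal::anonymous, Principal::service);
        activation(&caller)
    }
}
use framework::identity::Principal;

// Activation code lives outside the boundary and can only read what it is given.
fn whoami(caller: &Principal) -> String {
    // Neither of these compiles here (private function / private field):
    //   Principal::service("admin");
    //   Principal::Anonymous(framework::identity::Sealed(()));
    match caller.service_name() {
        Some(name) => format!("service:{}", name),
        None => "anonymous".to_string(),
    }
}

fn main() {
    println!("{}", framework::dispatch(Some("billing"), whoami));
    println!("{}", framework::dispatch(None, whoami));
}
```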
Structs
- ServiceIdentity
- Service-identity claim, paired with Principal::Service to identify a non-user authenticated actor (e.g., another Plexus deployment).
Enums
- Principal
- An authenticated actor: a user, a service, or anonymous.