# Authorization RBAC ## Actor / Subject / Cloud Wallet `urn:trinsic:cloudwallet:1234567890` - URI `urn:uuid:{guid}` `https://{guid}` Actor can have multiple keys on multiple devices Device #1 - Phone `did:key:device1` (controller) `did:key:device1#key-1` (authentication) Device #2 - Browser `did:key:device2` (controller) `did:key:device2#key-1` (authentication) ## Role Assignment RoleId + Actor + Scope (Resource) `trinsic.roles/issuer` + `urn:trinsic:cloudwallet:1234567890` + ?? ## Roles Roles are groups of permissions Issuer = `trinsic.roles/issuer` Provider = `trinsic.roles/provider` Onboarding Manager `TrustRegistry.Schemas.Read` `TrustRegistry.PEx.Read` Template Manager = `trinsic.roles/template_manager` `TrustRegistry.Schemas.Read` `TrustRegistry.Schemas.Write` `TrustRegistry.PEx.Write` `TrustRegistry.PEx.Read` ### Permissions `TrustRegistry.Schemas.Read` `TrustRegistry.Schemas.Write` `TrustRegistry.PEx.Write` `TrustRegistry.PEx.Read` .... ## Scopes (Resources) Ecosystem `/ecosystems/123` Ecosystem Metadata `/ecosystem/123/metadata` Cloud Wallets `/ecosystem/123/wallets/456` Trust Registry `/ecosystem/123/trust_registry` ### Endpoint TrustRegistryManager_Policy CloudWallet_AccessPolicy Search Insert Record Issue Verify Send ### Example of Role Defitions used in Azure