Just a second...


Diffusion™ secures your data by requiring client sessions to authenticate and using role-based authorization to define the actions that a client can perform.


The principal is a user or system user that has an identity that can be authenticated.

When a principal is authenticated is becomes associated with a session. The default principal that is associated with a session is ANONYMOUS.

A session is a set of communications between the Diffusion server and a client.
A permission represents the right to perform an action on the Diffusion server or on data.
A role is a named set of permissions and other roles. Principals and sessions can both be assigned roles.
Role hierarchy
Roles are hierarchical. A role can include other roles and, by doing so, have the permissions assigned to the included roles. A role cannot include itself, either directly or indirectly – through a number of included roles.