Identity

Every action in Peios happens on behalf of a principal — identified by a SID, carried on a token, anchored in a logon session. This page is the map for how identity flows from authentication into every access decision.

A Security Identifier (SID) is the unique name for every principal in Peios. This page covers the SID format — the string form you'll see in logs and configs, the binary form on the wire, and the rules for comparing two SIDs.

Peios ships with a fixed catalog of principals whose SIDs are defined by the system rather than allocated at runtime. This page is the catalog — what each well-known SID is, when it appears in an ACE, and which ones you will reach for in practice.

A claim is a typed key-value attribute carried alongside a SID. Tokens carry user claims about the user and device claims about the machine, populated by authd from directory objects, used by conditional ACEs to make access decisions on more than just group membership.