These docs are under active development and cover the v0.20 Kobicha security model.
Peios Learn

Impersonation

Concept
Understanding Impersonation

How services temporarily adopt a client's identity so access decisions use the client's token, not the service's.

 Concept
Impersonation Levels Explained

The four impersonation levels -- Anonymous, Identification, Impersonation, and Delegation -- and when to use each.

 Concept
How Identity Cascades Across Local Services

How a client's identity flows through chains of local services via impersonation without amplifying authority.

 How-to
Setting the Impersonation Level on a Connection

How clients set the impersonation level when connecting to a service and choosing the minimum level needed.

 How-to
Impersonating a Client's Identity

How service developers impersonate a client connection so the thread operates under the client's identity.

 How-to
Reverting to Service Identity

How and when to call revert_to_self to clear an impersonation token and return to the service's own identity.

 How-to
Testing Public Accessibility with Anonymous Impersonation

Using Anonymous impersonation to test whether a resource is publicly accessible without revealing caller identity.