From fa214052891a8d54121b216879cad8a761608c92 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 7 Jul 2025 15:49:41 -0600 Subject: docs: add note about placeholder cedar policies --- share/man/README.md | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/share/man/README.md b/share/man/README.md index 1f6dad34..779b37d2 100644 --- a/share/man/README.md +++ b/share/man/README.md @@ -196,10 +196,10 @@ User-Agent Envoy(Sparkle) Go Authzd Rust Authzd +-----------------------------------------------------+ | Docker Container | | | -| +---------+ +--------------+ +----------+ | -| | Envoy |--->| Rust Authzd | | Sparkled | | -| | (local) | | (library) | | (App) | | -| +---------+ +------+-------+ +----------+ | +| +---------+ +--------------+ +----------+ | +| | Envoy |--->| Rust Authzd | | Sparkled | | +| | (local) | | (library) | | (App) | | +| +---------+ +------+-------+ +----------+ | | | | +------------------------|----------------------------+ | @@ -214,7 +214,7 @@ User-Agent Envoy(Sparkle) Go Authzd Rust Authzd ### Benefits: 1. **Local authzd** - Fast, no network latency, basic policies 2. **Remote authzd** - Centralized policy management, complex rules -3. **Future**: In-process library eliminates gRPC overhead +3. **Future**: In-process library reduces gRPC overhead --- @@ -339,19 +339,20 @@ message CheckResponse { } ``` -### **Key Feature: URT Token Injection** +### **Key Feature: URT Injection** Authzd can inject **URT (Unified Request Token)** headers: ``` x-urt-token: x-user-id: 123456 -x-user-groups: ["developers", "maintainers"] ``` --- ## Slide 11: Authzd Implementation -### Current Cedar Policy +### 🚧 **Current Cedar Policies (Placeholder)** + +**Note**: These are hard-coded placeholder policies to test the local <-> remote authzd interaction. Real policies are being developed next. ```cedar // Allow requests with valid bearer token 
@@ -379,6 +380,8 @@ when { }; ``` +**Next**: Replace with real authorization policies based on user roles and permissions. + --- ## Slide 12: How Authzd Makes Decisions -- cgit v1.2.3
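Review bot: the four diagram rows replaced in the `@@ -196,10 +196,10 @@` hunk appear to differ from the originals only in whitespace, and the subject line ("add note about placeholder cedar policies") does not cover a diagram realignment. Either move the realignment into its own formatting commit or mention it in the commit body, and check that the realigned rows still line up with the unchanged `| Docker Container |` border above them.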
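Review bot: in the `@@ -214,7 +214,7 @@` hunk, "In-process library reduces gRPC overhead" is vaguer than the line it replaces and does not say which gRPC call remains. The diagram above shows Envoy calling Rust Authzd as a library, and benefit 2 still lists a remote authzd, so name the hop that goes away and the one that stays, for example "removes the local Envoy-to-authzd gRPC hop; calls to the remote authzd remain". This wording change is also outside what the subject line describes.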
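Review bot: the `@@ -339,19 +339,20 @@` hunk drops `x-user-groups: ["developers", "maintainers"]` from the injected-header example without any explanation in the slide or the commit message. Readers who see only `x-urt-token` and `x-user-id: 123456` cannot tell whether authzd stopped injecting group membership or whether it now travels inside the URT, so add a sentence saying which. The new placeholder note should also state whether these hard-coded policies are enforced in any running environment, since the first one is commented "Allow requests with valid bearer token" and a reader may take it as the effective rule.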
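Review bot: the "**Next**: Replace with real authorization policies based on user roles and permissions." line added in the `@@ -379,6 +380,8 @@` hunk repeats what the note added at the top of the same slide already says ("Real policies are being developed next"). Keep one of the two, and point it at a tracking issue or owner so the placeholder status has a visible end condition rather than an open-ended "next".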