Diffstat (limited to '')
-rw-r--r--crates/secd/README.md57
1 files changed, 57 insertions, 0 deletions
diff --git a/crates/secd/README.md b/crates/secd/README.md
index 5786d0c..17c333d 100644
--- a/crates/secd/README.md
+++ b/crates/secd/README.md
@@ -52,3 +52,60 @@ GET /oidc/provider?state=123444 -- state validated by client
POST /api/auth/oidc { data ... }
motif = start_motif(Oidc, access_token, data)
session = complete_motif(motif.id)
+
+ref = secd.write(User(user, 1), (doc, 3), "editor");
+secd.attach_computed_property(ref, "property_name");
+
+secd.check(User(user, 1), (doc, 3), "editor")
+secd.compute\_check(User(user, 1), (doc, 3), "editor", ["property", args...], ["property", args...])
+e.g.
+secd.compute\_check("User(user, 1), (doc, 3), "editor", ["readable_row", 2134], ["property2", args...])
+
+.....NO: A computed property should just be a domain things, and if any data is needed, it can be attached to the auth store for that identity!!!!!!!!!!!!!!!!
+
+## Namespace stuff...
+
+use file/path/1
+use file/path/2
+
+namespace user { }
+namespace role {
+ relation member {
+ user | group#member
+ }
+
+ computed_property (t: timestamp, s: timestamp) {
+ perform a computation here...
+ }
+
+ computed_property (s: string) {
+ s.starts_with("b")
+ }
+}
+
+namespace group {
+ relation member {
+ user | this.admin
+ }
+ relation admin {
+ user
+ }
+}
+
+namespace doc {
+ relation owner { user }
+ relation editor { user | this.owner }
+ relation viewer { user | this.editor | this.parent#viewer | all(user) }
+ relation auditor { editor - this.owner }
+ relation parent { this.doc }
+}
+
+so, basically it's just:
+
+namespace N {
+ relation R {
+ N#R | N#R & N#R - N#R
+ }
+}
+
+These are `.iam` files. Any `.iam` file can be specified as the main file, and then each use statement will be followed.