
    Public: No authentication, only session management
   Private: Authenticate once, go everywhere
Restricted: Authenticate and reauthorize with a ticket for every
            request (best used in a post form as hidden input)