Information about the current Session. The Session may contain information about the authenticated Principal and where the Request can from, the Client. The Session information is used by the BasicDecider mechanism.
If no types are listed ... then ALL Types are allowed
If no Clients are listed ... then ALL Clients are allowed