From f2d63467764fd3784e9eb207bdb5b5387e7cd516 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sun, 28 Oct 2012 20:50:37 +0000 Subject: Add initial explanatory paragraph --- docs/tutorial/4-authentication-and-permissions.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'docs/tutorial/4-authentication-and-permissions.md') diff --git a/docs/tutorial/4-authentication-and-permissions.md b/docs/tutorial/4-authentication-and-permissions.md index 336d5891..a0d7c5a6 100644 --- a/docs/tutorial/4-authentication-and-permissions.md +++ b/docs/tutorial/4-authentication-and-permissions.md @@ -1,7 +1,11 @@ # Tutorial 4: Authentication & Permissions -Currently our API doesn't have any restrictions on who can +Currently our API doesn't have any restrictions on who can edit or delete code snippets. We'd like to have some more advanced behavior in order to make sure that: +* Code snippets are always associated with a creator. +* Only authenticated users may create snippets. +* Only the creator of a snippet may update or delete it. +* Unauthenticated requests should have full read-only access. ## Adding information to our model -- cgit v1.2.3
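Review bot: In the added opening sentence, "restrictions on who can edit or delete code snippets" leaves out creation, yet the second added bullet ("Only authenticated users may create snippets.") restricts exactly that. Suggest "who can create, edit or delete code snippets" so the sentence matches the list that follows it. The fourth bullet also departs from the "may" / "are always" phrasing of the other three with "should have full read-only access", which reads as a recommendation rather than a rule. Wording it as "Unauthenticated requests have read-only access" would keep the four requirements parallel. Since that bullet gives anonymous clients read access to all snippets, it is worth saying so explicitly, so that a reader adapting the tutorial sees this is a deliberate choice for this API.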