token                             (string)    NATS token
tls                               (on|off)    set to 'on' to enable TLS
tls_skip_verify                   (on|off)    trust server TLS without verification, defaults to "on" (verify)
ping_interval                     (duration)  client ping commands interval in s,m,h,d. Disabled by default
streaming                         (on|off)    set to 'on', to use streaming NATS server

				"application/vnd.japannet-registration",
				"application/vnd.japannet-registration-wakeup",
				"application/vnd.japannet-setstore-wakeup",
				"application/vnd.japannet-verification",
				"application/vnd.japannet-verification-wakeup",
				"application/vnd.jcp.javame.midlet-rms",
				"application/vnd.jisp",
				"application/vnd.joost.joda-archive",
				"application/vnd.kahootz",
				"application/vnd.kde.karbon",

	{file: "myobject", offset: 1000, length: 1001, algorithm: BLAKE2b512, expError: nil},        // 15
}

// TestXLStorageReadFile with bitrot verification - tests the xlStorage level
// ReadFile API with a BitrotVerifier. Only tests hashing related
// functionality. Other functionality is tested with
// TestXLStorageReadFile.

	return (isOwnerDerived || combinedPolicy.IsAllowed(parentArgs))
}

// IsAllowedSTS is meant for STS based temporary credentials,
// which implements claims validation and verification other than
// applying policies.
func (sys *IAMSys) IsAllowedSTS(args policy.Args, parentUser string) bool {
	// 1. Determine mapped policies

	isOwnerDerived := parentUser == globalActiveCred.AccessKey