User Profile

I'm trying to add a new right 'com.mycompany.dosomething' so that AuthorizationCopyRights can ask for the current user to verify possession of the right. I found the 'security authorizationdb write' command, and have been working toward reverse-engineering a right's .plist specification. Is there a spec someplace that actually documents what goes in a right?The 'class' and 'allow-root' keys seem the most puzzling, just from what I've seen in existing rights. But what I'd really like is a list of the supported keys and what their settings mean.