help for concepts about key management of the Linux kernel security

[cauc.peter]

I recently studied articles related to key management of the Linux
kernel security module and found some strange concepts that bothered me,
such as the meaning of key Possession and its perms.
After reading the kernel keys.txt document and man 7 keyrings still no
solution.

For example, using the keyctl command in user mode to create a session
shell is different from directly creating a new shell, keyctl show @s
has different output. i think it maybe cause by perms. but no about 
further more explanation.
and How to add other shells to the same key session?

Looking forward to your answer, thank you very much