t10d/kingdom-python-server

Add inline policy capabilities to authorization

ruiconti opened this issue · 0 comments

Proposal

In a discussion with @rafamelos for an internal project, we came to realize that we'd fall into the common trap of RBAC systems, where the number of roles and policies increases exponentially as the number of users and resources increases.

And the root of this problem lies, primarily in this context, in having too many fine-grained role-policy associations.

Solution

A first-thought solution would be to implement inline policies, as a legal direct relationship between a user and a policy. With that in mind, changes are bound to happen at:

  • Authorization base classes
  • Access interfaces to enable inline-policy management

One benefit of the current implementation is that the authorization flow would remain unchanged, meaning there's no need to alter how permissions are checked.
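The design sketched in the issue, written out as an added example that is not kingdom-python-server's code and not the issue author's: roles stay as shared bundles of policies, a user additionally carries a set of inline policies, and the permission check is untouched because the only place that knows about both sources is the function that collects a user's effective policies. The names `Policy`, `Role`, `User`, `effective_policies`, `is_authorized`, `grant_inline` and `revoke_inline`, and the sample `reader` role, are assumptions made for the illustration.

```python
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Policy:
    """A single permission: may `action` be performed on `resource`."""
    resource: str
    action: str


@dataclass(frozen=True)
class Role:
    """A named, shared bundle of policies (the classic RBAC indirection)."""
    name: str
    policies: frozenset[Policy]


@dataclass
class User:
    username: str
    roles: tuple[Role, ...] = ()
    # Inline policies: granted directly to this user, bypassing roles.
    inline_policies: set[Policy] = field(default_factory=set)


def effective_policies(user: User) -> frozenset[Policy]:
    """Union of role-derived and inline policies.

    This is the only function that knows about both sources, so the
    permission check below does not change when inline policies are added.
    """
    granted: set[Policy] = set(user.inline_policies)
    for role in user.roles:
        granted |= role.policies
    return frozenset(granted)


def is_authorized(user: User, resource: str, action: str) -> bool:
    """The authorization flow: identical whether a policy came from a role or inline."""
    return Policy(resource, action) in effective_policies(user)


def grant_inline(user: User, policy: Policy) -> None:
    """Attach a policy directly to a user (idempotent: a set, not a list)."""
    user.inline_policies.add(policy)


def revoke_inline(user: User, policy: Policy) -> None:
    """Detach a directly attached policy; role-derived grants are untouched."""
    user.inline_policies.discard(policy)


# Constructed sample data for the illustration (hypothetical, not from the project).
READER = Role("reader", frozenset({Policy("docs", "read")}))


def demo() -> dict[str, bool]:
    """Give one user one extra permission without creating a 'reader-plus-write' role."""
    alice = User("alice", roles=(READER,))
    before = is_authorized(alice, "docs", "write")
    grant_inline(alice, Policy("docs", "write"))  # one-off grant, no new role
    during = is_authorized(alice, "docs", "write")
    revoke_inline(alice, Policy("docs", "write"))
    after = is_authorized(alice, "docs", "write")
    # Revoking an inline policy never removes what a role still grants.
    still_reads = is_authorized(alice, "docs", "read")
    return {"before": before, "during": during, "after": after, "still_reads": still_reads}
```

Two caveats worth keeping in mind with this shape: the union is additive only, so an inline policy can widen but never narrow what a role grants, and `revoke_inline` of a policy the user also holds through a role leaves the access in place. Because inline grants are no longer visible by inspecting roles, any audit or "who can do X" report has to walk both sources, which is exactly what `effective_policies` exists for.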