Support authorization matrix #709

Open
astsiapanay opened this issue Feb 28, 2025 · 1 comment
Labels
documentation Improvements or additions to documentation documented enhancement New feature or request ~EPIC~


@astsiapanay
Collaborator

Name and Version

dial 0.25.0

What is the problem this feature will solve?

Some applications may provide sensitive info based on user roles. Let's call those applications type A.
On the other hand, an application B, a custom application to be registered in Core, may call application A using a per-request key.
In this case application B can get access to sensitive user data without the user's permission.

What is the feature you are proposing to solve the problem?

A long-term solution is to build an authorization matrix based on user consent: permission to call deployments on behalf of the user.
Any custom application must declare what deployments are required to process a user request.
Later, the user should accept or reject the consent before starting to work with the application.
Let's consider the following execution flow (it starts from A):

        A
       / \
      /   \
     B     C
    / \   / \
   /   \ /   \
  D    E F    G
        \    /
         \  /
           X 

There are applications A, B, C, D, E, F, G and X. Application X is secure and provides sensitive info, but the rest of the applications don't.

A -> B, C
B -> D, E
C -> F, G
E -> X
G -> X

The user should consent to application A making calls to B and C. However, applications B and C make calls to D, E, F and G.
Those applications must have the user's consent too if the user accepts the consent for application A.
Once the user accepts the consent for application A, Core allows the user to start using the application.

What alternatives have you considered?

No response

@astsiapanay astsiapanay added the enhancement New feature or request label Feb 28, 2025
@astsiapanay astsiapanay self-assigned this Feb 28, 2025
@astsiapanay astsiapanay added documentation Improvements or additions to documentation ~EPIC~ labels Feb 28, 2025
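
The consent flow proposed in the issue above, sketched as an added example (not DIAL Core code and not written by the issue author): it expands application A's declared deployments transitively into the set of caller/callee pairs the user is asked to approve, lists the call paths that reach the sensitive application X, and checks a call against an accepted consent. The function names, the `granted` mapping and the user names are hypothetical; the graph is the one from the issue.

```python
from collections import deque

# Constructed sample: declared call graph from the issue (app -> deployments it calls).
DECLARED = {"A": ["B", "C"], "B": ["D", "E"], "C": ["F", "G"], "E": ["X"], "G": ["X"]}
SENSITIVE = {"X"}  # X provides sensitive info


def consent_scope(declared, entry):
    """Every (caller, callee) pair reachable from `entry`: the cells of the
    authorization matrix covered by one consent for `entry`."""
    edges, seen, queue = set(), {entry}, deque([entry])
    while queue:
        caller = queue.popleft()
        for callee in declared.get(caller, ()):
            edges.add((caller, callee))
            if callee not in seen:  # guard against cycles in declarations
                seen.add(callee)
                queue.append(callee)
    return edges


def sensitive_paths(declared, entry, sensitive):
    """Simple call paths from `entry` to a sensitive deployment, so the
    consent prompt can show how sensitive data becomes reachable."""
    found = []

    def walk(node, path):
        if node in sensitive:
            found.append(path)
            return
        for callee in declared.get(node, ()):
            if callee not in path:  # skip cycles
                walk(callee, path + [callee])

    walk(entry, [entry])
    return found


def is_call_allowed(granted, user, entry, caller, callee):
    """Hypothetical Core-side check: allow the call only if this user accepted
    the consent for `entry` and the pair lies inside that consent's scope."""
    return (caller, callee) in granted.get((user, entry), set())


if __name__ == "__main__":
    granted = {("alice", "A"): consent_scope(DECLARED, "A")}  # alice accepted A
    print(sensitive_paths(DECLARED, "A", SENSITIVE))
    print(is_call_allowed(granted, "alice", "A", "E", "X"))
```

A pair that no application declared, such as B calling X directly, stays outside the scope even after the user accepts the consent for A.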
@sr-remsha
Contributor

Documented
