Currently the well-known permissions are using the HTTP atributes, such as method, uri, params etc to identify the corresponding permission name such as 'read', 'update' etc. Expose this value through an API so that it can be more accurate and handle various versions of the API
RequestHandlers will be able to implement an interface to provide the name
This means many significant changes to the API
1) name does not mean a set of http attributes. Name is decided by the requesthandler . Which means it's possible to use the same name across different permissions.
2) so far we have been using the name as something unique. We use the name to do an update-permission , delete-permission or even when you wish to insert a permission before another permission we used to use the name. Going forward it is not possible. Every permission will get an implicit index. example
3) example update commands
4) you could construct a permission purely with http attributes and you don't need any name for that. As expected, this will be appended atthe end of the list of permissions
Users with existing configuration will not observe any change in behavior. But the commands issued to manipulate the permissions will be different .