That's a great observation. There's prior art in authorization (and also in the Kubernetes domain) with folks using Open Policy Agent -- specifically, Rego [0], a derivative of Datalog.
I've used it with success in authorization, but the developer experience could be better. I've found the experience to be better when paired with some constraint framework.
The other trade-off, as mentioned in another comment, is that it's stateless. The pro is that it's stateless, but the con is that someone needs to figure out a way to get input and data into your evaluation runtime so that you can write meaningful policies.
[0] https://www.openpolicyagent.org/docs/latest/policy-language/