@jonny yeah I could imagine some interesting stuff where the request itself could require some authorization metadata that affirmatively indicates consent for a particular operation has been verified, which might allow for graceful degradation? I would have to dive way deeper into AP to know how this could actually be possible though