...
- how to determine, from an entity's schema and from the repository authorization services, that a permission is needed to access a certain field of a certain entity. (The alternative is alternatives are (1) to add a service to do this or (2) to do it automatically and return the information with the response (e.g. in the response header). We particularly want to avoid (2) because of the computational burden that might not be necessary.)
- how to fulfill a requirement (e.g. if a EULA needs to be signed, knows how to retrieve and display the EULA, get it signed, and submit the appropriate request to the repo service)
...