(How should I build proper authorization semantics for a complex dataset?)
* Take inspiration from GraphQL (especially Mutations) and microservices, and
ask: what is the smallest usable operation?
* Design operations around security/authorization boundaries (instead of
designing authorization around the operations).
* Differentiate in semantic terms: book.add.existing isn't
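
The second bullet (operations designed around authorization boundaries) as an added Python sketch, not part of the original notes: each small operation is registered with exactly one permission, and a single dispatcher enforces it and denies anything unregistered. The meaning given to `book.add.existing`, the `book.create` operation, the `Library` model and the permission names are assumptions made for illustration.

```python
# Added example. Only the name "book.add.existing" comes from the notes;
# its meaning here, "book.create", and the permission strings are hypothetical.
from dataclasses import dataclass, field


class Denied(Exception):
    """Raised when the caller may not run the requested operation."""


@dataclass
class Library:
    catalogue: dict = field(default_factory=dict)  # isbn -> title
    shelves: dict = field(default_factory=dict)    # shelf name -> set of isbn


OPERATIONS = {}  # operation name -> (required permission, handler)


def operation(name, permission):
    """Register a handler as one small operation guarded by exactly one permission."""
    def register(fn):
        OPERATIONS[name] = (permission, fn)
        return fn
    return register


@operation("book.add.existing", permission="shelf:write")
def add_existing(lib, shelf, isbn):
    # Assumed meaning: place an already catalogued book on a shelf.
    if isbn not in lib.catalogue:
        raise KeyError(isbn)
    lib.shelves.setdefault(shelf, set()).add(isbn)
    return shelf


@operation("book.create", permission="catalogue:write")
def create(lib, isbn, title):
    # Hypothetical operation on the other side of the boundary: changes the catalogue.
    lib.catalogue[isbn] = title
    return isbn


def execute(lib, granted, name, **args):
    """Single enforcement point: deny unknown operations, then check the one permission."""
    if name not in OPERATIONS:
        raise Denied(f"unknown operation {name}")
    permission, handler = OPERATIONS[name]
    if permission not in granted:
        raise Denied(f"{name} requires {permission}")
    return handler(lib, **args)
```

Because no operation spans two permissions, the check needs no per-field or per-argument logic; a coarse `book.update` style operation would push that logic into the handler.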