Access Control (i.e. Security) begins with knowing what resources you need to protect.
What if metadata concept was consistent across all Resources with a similar interface?
- With of course a pre-set and an extendable Taxonomy?
- Each Taxonomy could have a security level rating applied.
- Access Control Policy could be applied based on security level rating and applied as would be performed within a Zero Trust environment.
There might be more information for this subject on one of the following: