refactor of the authorization plugin to make it easier to create alternative data structures for capturing the different ACLs; such as a single tree based authorization map