Upstream introduces Pod Isolation Policies as a replacement of Pod Security Policy, following the sig-auth and sig-security discussions
in https://docs.google.com/document/d/1dpfDF3Dk4HhbQe74AyCpzUYMjp4ZhiEgGXSMpVWLlqQ/edit?usp=sharing. OpenShift's Security Context Constraints (SCCs) must co-exist with the new upstream concept.

DoD:

• investigate PSP++ upstream (done)
• investigate downstream SCC logic (done)
• come up with coexistence ideas (done - PoC enabling PodSecurity in openshift is seen below)
• set up a small meeting for whole auth-team to discuss options (done - Auth Arch meeting Aug 31)
• write an OEP if necessary (too early, tbd)