This should be instead of using the resource in the Elytron subsystem so capabilities will need to ensure they are mutually exclusive.

A question will be should this subsystem support custom general policies like the Elytron subsystem does so we can deprecate and remove the resource in the Elytron subsystem, or should this just enable the default registration as required for the specifications.

This would be assumed to be present in the default configurations and layers such as ee-security which rely in Jakarta Authorization then depend on this new layer.