PdP policies

[oharsta]

The following requirements need design and an implementation:

• Visualize the option on an application, that all users have to use a loaX when logging in. This is a read-only option for the IdP admin / member. This setting is maintained by SURF.
• When creating a policy, the user has to choose: authorization policy or assurance policy
• When creating a policy it must be possible to add multiple SP's and choose the negate option for this
• Visual differentiation beween the types of policy (authorization policy, and within those; allow and denial, or assurance policy)
• Where are we going to put the Policies menu-item in the left-side menu?
• IdP / Org members can read-only view the policies in the detail page of the application
• Add the SP names (can be multiple) to the overview policy card
• An IdP / Org admin can maintain a list of applications where all users who login using this IdP, have to step up to LOA x. This is kind of a assurance policy, but much simpler and is also stored very differently in the manage database (which should not be leading in the GUI of course)