Improve policy evaluation response

Motivation

Current policy evaluation response contains an evaluationID attribute and a result attribute where the resulting objects of the policy evaluation are stored.

{
  "evaluationID":"9cb55084-3210-4c83-8238-96ae21440bfe",
  "result":{
    "allowed":true,
    "data":{
      ...
    }
  }
}

We'd like to remove the embedding of the result and to allow for pure response without any mapping name.

For example, if we want to generate DID documents, we'd like to return the pure document without an attribute specifying that this is a document.

Instead of:

{
  "doc": {
    "@context": ...
  }
}

We want:

{
  "@context":...
}

With the current implementation this is impossible for two reasons:

• the evaluationID attribute makes it impossible to return a pure result
• even without evaluationID the resulting variable from Rego will still be returned as name:value object and we want be able to return only the value of the variable without its mapped name.

Implementation Details

• Remove the evaluationID attribute and instead return its value in a ETag response header.
• Treat empty variable assignment in Rego as a way to notify the response encoder that we want to return just the pure value without mapping to the variable name.