Apparently all your responses to this thread Darran didn't show up in my view of the thread. No idea why. If not Brian's response to your email I wouldn't have found out that.
Copying your email from the list archive:
"But why is that a problem? I think that is the piece still missing.
By moving the list of the permissions into a single named resource the
tooling no longer has a need to be performing the manipulation within the
simple permission mapper so that can be left to the administrator to look
after independently."
It doesn't work like that. It's not like "you can manage this part of the config and this part should be left out".
About the permission-mappings and why this list is a problem. We need to be able to compute a diff between two Elytron subsystem configs. They may match, may be slightly different, may be completely different. To do that we need to be able to identify comparable pieces the config consists of. Named permission-sets are no problem. Now I get to the list of permission-mappings, as it is a part of the Elytron's subsystem config. How can I compare these lists?
Well, naturally a list is a collection of items in a specific order. So what I am going to do is assume that I should be comparing the items in the order they appear in two lists. And generate the diff based on that order. Which in some cases will be useless. The thing is that, I will not only be calculating the diff I will also be applying it to the config. In some cases the result will be pretty much unexpected. Does it make any sense to you?
Thanks,
Alexey