
Fine-grained authorization control using Claims?


So far I have been working with Roles for authorization, but that is not very versatile when you want to dynamically assign permissions without having to define or update roles and recompile when a new permission is added or required.

Therefore I was looking to use Claims to be able to define a set of permissions like "can edit news feed, can add news article, can delete users", etc. I wanted to be able to have some sort of permissions controller from which I could dynamically grant or revoke permissions to a user or role. So basically having a pool of permissions that could be granted or revoked.

But when I looked at the Identity tables in ASP.NET Core 1.1, I quickly noticed that one could not create independent "stock" claims that I could assign to my heart's content. It is only possible to define a claim associated with a user or a role. And so, if I have a set of claims that by force I have to associate with a RoleId, then I might as well simply authorize based on the role rather than check on a specific claim, so what is the advantage?
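
An added example (not part of the original post) of the permission-pool idea the question describes, using only `System.Security.Claims`. The claim type `permission`, the permission names, and the in-memory `RoleGrants` map standing in for the Identity role-claims table are assumptions. The check names a permission rather than a role, so a role's grants can change at run time while the check stays the same.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

static class PermissionDemo
{
    // Assumed claim type and permission names: the fixed "pool" that code checks against.
    const string PermissionType = "permission";
    const string EditNewsFeed = "news.edit";
    const string DeleteUsers = "users.delete";

    // Constructed stand-in for the role-claims table: what each role holds right now.
    static readonly Dictionary<string, HashSet<string>> RoleGrants =
        new Dictionary<string, HashSet<string>>
        {
            ["Editor"] = new HashSet<string> { EditNewsFeed },
            ["Admin"]  = new HashSet<string> { EditNewsFeed, DeleteUsers },
        };

    // Built at sign-in: role claims plus every permission claim the user's roles hold.
    static ClaimsPrincipal SignIn(string name, params string[] roles)
    {
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, name) };
        claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)));
        claims.AddRange(roles
            .Where(RoleGrants.ContainsKey)          // unknown roles grant nothing
            .SelectMany(r => RoleGrants[r])
            .Distinct()
            .Select(p => new Claim(PermissionType, p)));
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "demo"));
    }

    // The authorization check names a permission, never a role.
    static bool Can(ClaimsPrincipal user, string permission) =>
        user.HasClaim(PermissionType, permission);

    static void Main()
    {
        Console.WriteLine(Can(SignIn("alice", "Editor"), DeleteUsers));
        RoleGrants["Editor"].Add(DeleteUsers);      // grant at run time, no recompile
        Console.WriteLine(Can(SignIn("alice", "Editor"), DeleteUsers));
        RoleGrants["Editor"].Remove(DeleteUsers);   // revoke; applies at next sign-in
        Console.WriteLine(Can(SignIn("alice", "Editor"), DeleteUsers));
    }
}
```

Because the permission claims are copied into the principal at sign-in, a grant or revocation only reaches a user once their principal is rebuilt.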

