tl;dr: Aaron had to build a system that was scalable, fast & generic enough for any new products. Permission systems that are too simple lack the features to "support fine-grained access on single resources," and if they are too complex, the system might unravel a "whole policy of attribute-based permissions." Aaron runs through the creative approach taken.