It makes things a _lot more_ complicated having to deal with resources
and there's a much nicer way to deal with it: Punt it to the apps:

It's much more natural for the application to have a notion about
about what resources are "trusted" (and e.g. requires lesser
privileges) and what resources aren't.

Consider dial-up networking; here the privileged application that
performs the dial-up operation consults a list (maintained by the
system administrator) of allowed numbers to dial. If the unprivileged
networking UI applet that requests a number to be dialed is on the
list it uses the PolicyKit action 'nm-dialup-trusted-location', if it
isn't then it uses the PolicyKit action 'nm-dialup-untrusted-location'.