No, I don't want it immutable. What I'd like to do is have an admin configure some data on users. We use OPA for authz, which isn't the most user friendly experience for admins. I'd like to set an initial OPA policy that says something like "allow any user to do X when the user's foo == bar" and where "foo" is data from Kratos.
That way we can create a GUI for admins to store key value pairs in Kratos for user related info and have it affect authz.