The Policy Pattern helps you move complex "Can the user do X?" logic out of your business handlers and into dedicated responsibility-focused classes.
Your DeleteOrderHandler shouldn't contain 20 lines of IF statements checking the user's role, the order status, and the time of day. Instead, you define a DeletionPolicy. The handler simply calls policy.IsSatisfiedBy(user, order). If the answer is No, it throws a Forbidden exception.
Policies are great for cross-context rules. For example, a "Premium Customer Policy" might need to check data from both the Sales context and the Loyalty context. By centralizing this in a Policy class, you make the rule explicit, named, and easily testable in isolation.
Q: "How does this relate to ASP.NET Core Policies?"
Architect Answer: "ASP.NET Core's built-in Policy system is excellent for 'Web-Level' security (e.g., 'Does the user have the Admin claim?'). However, used in Clean Architecture, we often need **Resource-Level** policies that depend on domain state (e.g., 'Can this specific user edit this specific order?'). For these, we build our own Policy abstractions in the Application layer to leverage our repositories and domain entities."