> My internalized model of how this should work is AFS's ACL system (if that's
> not a dirty word...) and the associated PTS group system. Between them,
> they provide excellent ability to talk about users from remote cells and
> allow users to create and manage their own groups.

Just use AFS if that's what you want.

