
February 18, 2003

Access control scalability

Jiri Ludvik (via Scott Loftesness, because Jiri wrote "Groove rocks!" a couple of days ago) has some interesting observations around access control. He quotes Daniel Geer:

If you look at the access control problem, it is a matrix. The rows are requestors and the columns are objects of their desire. Linear growth in either or both means geometric growth in the number of table entries in that matrix... beyond a certain size no one can get their head around it anymore... An awful lot of legacy systems' durability is explicitly derived from this combination of "essential" and "cannot be understood."
Lovely. Yet decentralization of security can help here too. Decentralization makes things personal and immediate. In the context of security, is it possible to decentralize - make individuals at the edge partially responsible for who they can share information with, by putting some of that directly in their field of view - but keep a sensible amount of stringency, planning and oversight? I think, actually, it is.