Out of Scope
how groups are or should be modeled
Use of certificates to prove that a user has access
Notes:
Predictability is impossible. Access could be denied because
- server could deny access to users who haven’t paid
- implementations could extend permissions model
- Administrators could have special permissions outside the ACL system