Authentication and authorization

What are folks doing for their authorization control in their RoR
applications.

I am currently looking at the following resources

http://www.billkatz.com/authorization (authorization plugin)
http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html (model
security)

I imagine that most people are using acts_as_authenticated and the
authorization plugin to implement the authentication/authorization.

Any feedback would be appreciates?

cheers