Authentication/authorization resources?

I’ve been lurking on the list for a few weeks now, as well as working
through the Agile book and the Wiki, and I’ve run across several
detailed discussions about authentication/authorization (A/A: includes
login, permissions, ACLs, etc., etc.). I’ve been particularly struck by
the apparent consensus that it’s impossible to design a general-purpose
A/A plug-in for Rails or web apps more generally. That’s bad news, as I
would love to benefit from the work of somebody smarter and
better-educated about A/A and Rails than I am :)

I have to work up an A/A strategy for a new web app project, and I’m
wondering if people have any suggestions for higher-level tutorial
resources on A/A? What I have in mind is not one more plug-in or a
ruby/rails code tutorial, but a more conceptual discussion of how to
think about A/A needs and tradeoffs when designing a site, design
patterns that work for particular domains of A/A problems, and what to
think about when designing a web-app permissions system for scalability,
extensibility, performance, etc.

Anyone got favorite books, articles, other resources that they can
recommend?

tia, --CJ