I'm generally interested in how authorization modules can leverage each other's work and common apis. In particular, I'm interested in a discussion of a generic authorization mapping apis as in http://www.gliffy.com/publish/2384881/ that can cut down on the number of authorization modules via a feeds-like fetcher, parser/mapper, and processor. Perhaps such a module would just leverage the feeds module itself and put a user interface on it with some special treatment of on-logon granted authorizations.

Authorization Data Sources: LDAPs, DB Queries, Oauth, Webservices,...
Authorization Modules: LDAP, Shib, ...
Authorization Targets: Drupal roles, OG Group memberships, Workbench Access, ...