An alternative scheme would be cache permissions in an nsv, but flush the entire thing on any permissions grant/revoke. Wait, it would also have to be flushed on any group membership change.
Would that cover it? It should still be an improvement over what we have today.
We also talked about caching permissions for 'read' for The Public and Registered Users specifically. Or 'read' for Public and Registered on all packages, at least. What's the status on that?
/Lars