Create two container objects, which if you're using the content repository would be of type "content_folder" and put the create child permission on that object.
So are you saying stick another layer of objects between the parent and the child.
How is this different than the write privilege on a Unix directory, which says "you can write this file, and that includes adding a child file or deleting a child file"?
My point exactly, it isn't different. Unix doesn't have a separate create privilege. In this case, as you say, the directory is a container. If you are going to create separate objects just for permissions, you don't need extra privileges.
Are you suggesting it should? If so, make a solid suggestion. I'm personally comfortable with the fact that it doesn't, because in practice permissions are simple and easy to use and have proven to be both flexible and (with some tweaking on my part) efficient.
I've said exactly the same thing a few times in this thread already: the flexibility is a good thing, it is efficient to use a proxy, usually parent permissions. My only suggestion is to remove the create privilege, and I've made that suggestion pretty solidly.
However, I agree that it can be useful. Agreeing with this, I would have to ask: why not others? Why not a delete privilege?
I'll drop the attribute level discussion, since it appears to be off topic.
Anyway, I must have missed the whole point of the discussion, as usual. The read priv is for reading, write for writing, admin for admining and create for creating. It really would take a numbskull to mess this up.