Good points. A variant of this problem is deciding who can modify User X's password. I don't know offhand what the various protocols allow. Some research is in order. I'm thinking to give this thread a few more days to simmer, and then putting together a design document and posting it somewhere for us to collaborate on.
