Reinventing the Wheel… Again

Is anyone shocked that this post is not about ceramics?
I am straining my brain working on GITI v2 AND GITI SiteEngine’s permissions systems. I feel like this is a system that has been done to death in the form of NTFS, .htaccess, Passport, LDAP, etc., etc.; but yet, it is essential that I write this from the current point of GITI authentication in order to allow SiteEngine and GITI to both work properly when they are introduced to more users. This is less important for GITI, as I am about its only user, but with the places I’m putting SiteEngine and the ways it will be used, it is becoming more important that it be able to authenticate users and that their realms/perms be respected.

Some time ago I decided that GITI and SiteEngine would operate on separate, but equal, authentication realms. GITI and SiteEngine users can authenticate to SiteEngine (the subordinate product), while only GITI users can authenticate to GITI herself (controller of all that is technological or intellectual). These permissions tables and their rules have been understood for some time, but at first I started assigning roles (much like those used for Microsoft SharePoint Services), giving no thought to user-level microcosm control. In a way I am no closer to that now than I was before I started this endeavour, but then again, maybe I am?

Currently I am working on the concept of feeds (since that’s what the new site will need to understand for access control). The concept for control is that no user can add themselves to a non-public feed, and all users will be assigned to the private feeds they are allowed to access; however, they will be able to turn them on and off at will.
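The two-realm login rule and the feed rules above, as an added Python sketch that is not GITI or SiteEngine code; it assumes (the post does not say) that private-feed assignment is done by a GITI-realm account, and every name in it is constructed.

```python
# Added example (not GITI/SiteEngine code): a toy model of the realm and feed rules.
from dataclasses import dataclass, field
from typing import List, Set

GITI, SITEENGINE = "giti", "siteengine"


@dataclass
class User:
    name: str
    realm: str                                   # realm the account was created in
    granted: Set[str] = field(default_factory=set)  # private feeds assigned to the user
    enabled: Set[str] = field(default_factory=set)  # feeds the user has switched on


@dataclass
class Feed:
    name: str
    public: bool


def can_authenticate(user: User, product: str) -> bool:
    """GITI users may log in to either product; SiteEngine users only to SiteEngine."""
    if product == SITEENGINE:
        return user.realm in (GITI, SITEENGINE)
    return product == GITI and user.realm == GITI


def grant_private_feed(admin: User, user: User, feed: Feed) -> bool:
    """Assign a private feed to a user. Assumption: only a GITI-realm account may do this;
    public feeds need no grant, and a user granting themselves is refused like anyone else."""
    if admin.realm != GITI or feed.public:
        return False
    user.granted.add(feed.name)
    return True


def toggle_feed(user: User, feed: Feed, on: bool) -> bool:
    """Switch a feed on or off at will, but only for feeds the user is allowed to see.
    Toggling a private feed on is NOT a way to add yourself to it: without a grant it fails."""
    if not (feed.public or feed.name in user.granted):
        return False
    (user.enabled.add if on else user.enabled.discard)(feed.name)
    return True


def visible_feeds(user: User, feeds: List[Feed]) -> List[str]:
    """Feeds the user both may see and has switched on; the grant check is re-done here."""
    return [f.name for f in feeds
            if f.name in user.enabled and (f.public or f.name in user.granted)]
```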
Maybe I should sleep before I start having nightmares about the code I’ve written and the database tables I’ve created.