But Facebook permissions can be modelled. They may not be direct mappings to UNIX permissions or ACLs, but that's taking my OS analogy too literally. The point is, Facebook should have a shared component that does the permission checks, rather than giving each page global access and relying on the author to do the checks themselves.
I deeply agree for the facebook case, I just wanted to point out that there is no known general solution for a centralized resource access control for web backend that will fit all use cases properly.
