It would be nice to check more than one end-system or user group when validating access control rules.
Also it would be great to put end-system/user into temporary group when we authenticate host and user in sequence.
In many cases there is need to check if somebody was already authenticated and his rights should be elevated.
Fore example i would like to check if computer is in ldap host group and at the same time is in local end-system.
