Subject: Re: Support for ACLs
To: Robert Elz <kre@munnari.OZ.AU>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-kern
Date: 03/10/2001 12:06:13
One other "requirement" from ACL-space..

In systems making use of acls for all access controls, in practice,
there are relatively few distinct acls -- I'd guess maybe two to four
per user.  If acls are only needed for files for which the UNIX permission
model is insufficient, I'd expect that even fewer would be needed.

Because of this property, it makes sense for the storage for acls to
be shared (copy-on-write) between multiple files.  In the common case,
a new file just gets a "hard link" to the directory's initial file
acl, and no new acl-specific allocation is needed at file create time.

The "associated files" approach would be one way to implement this;
however, so would putting all acl storage into one big file.

					- Bill
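
Added example, not part of the original message and not NetBSD code: a minimal in-memory model of the shared, copy-on-write acl storage described above. File creation links to the directory's acl without allocating, and a change to one file's acl copies it first so the other files linked to it keep their access unchanged. All struct and function names are hypothetical.

```c
#include <stdlib.h>
#define ACL_MAX 8
/* Hypothetical in-memory model for illustration; not NetBSD code. */
struct acl_entry { unsigned id, perms; };
struct acl {
    unsigned refcnt;                 /* nodes currently linked to this acl */
    unsigned n;                      /* entries in use */
    struct acl_entry e[ACL_MAX];
};
struct node { struct acl *acl; };    /* a file or a directory */

struct acl *acl_new(void)
{
    struct acl *a = calloc(1, sizeof(*a));
    if (a != NULL) a->refcnt = 1;
    return a;
}
void acl_rele(struct acl *a) { if (--a->refcnt == 0) free(a); }

/* File create: "hard link" to the directory's acl; no acl allocation. */
void node_create(struct node *f, const struct node *dir)
{
    f->acl = dir->acl;
    f->acl->refcnt++;
}

/* Add an entry to one node's acl. A shared acl is copied first, so the
 * change cannot alter access to the other files linked to it. */
int node_acl_add(struct node *nd, unsigned id, unsigned perms)
{
    struct acl *a = nd->acl;
    if (a->n == ACL_MAX) return -1;
    if (a->refcnt > 1) {
        struct acl *c = malloc(sizeof(*c));
        if (c == NULL) return -1;
        *c = *a;
        c->refcnt = 1;
        acl_rele(a);                 /* drop this node's link to the shared acl */
        nd->acl = a = c;
    }
    a->e[a->n++] = (struct acl_entry){ id, perms };
    return 0;
}

int main(void)
{
    struct node dir = { acl_new() }, f1;
    if (dir.acl == NULL) return 1;
    node_create(&f1, &dir);
    return node_acl_add(&f1, 1001, 4);   /* constructed id and permission bits */
}
```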