Multi-site, multi-tiered authorization for Web based resources?

[Richard Wiggins]

This query is pretty broad and somewhat vague.	Please feel free to send private notes to me and I will summarize later.  I'm looking for recent information about schemes for authentication and authorization for access to Web-delivered library resources, especially across multiple libraries (and even statewide or regional licensed resources).  Specifically: 
 
-- Have you implemented an authorization/authentication scheme that uses more than one mode of identification?  Ie some folks get in by virtue of their IP addresses, some by library patron number / bar code, some by password, others by some sort of digital certificates approach? 
 
-- Have you implemented a scheme that allows one individual to gain access to resources by virtue of multiple affinities?  Ie one patron who is teaching a class at a community college, taking a class at a local university, and belongs to a local public library, gains access to the union of all resources at all three libraries, plus maybe statewide-licensed resources? 
 
-- How much of the required technology did you roll yourself, and how much comes from vendor software? 
 
Pointers to actual implementations would be most appreciated, as would journal or discussion references describing work in progress.
 
Thanks! 
 
/rich 

Richard Wiggins
Writing, Speaking, and Consulting on Internet Topics
rich at richardwiggins.com       www.richardwiggins.com