I don't understand the proposal to speed up (or simplify?) permission checking by creating a mechanism that excludes certain objects from having permissions applied to them.
Taking the example of bboard, a direct permission need not be assigned to each message. The page which displays messages in a forum can assume that all messages have the same permission, the permission of the forum, and make just one check. This can be done today, there is no overead.
It's important to keep in mind that the permissions of messages still need to be checked, for example on the user contributions page. Does user A have permission to read the three messages user B posted to a private forum? The context_id takes care of this.
What is the overhead of using generic, site-wide services? In most cases--with the exception of the context_id / inherit_p pair in acs_objects, and cr_item / cr_revisions in the content repository--the requirement is that the object be identified with a system unique id. In other words there will be one large table of object ids.
Anything created as an acs object is not forced to take advantage of generic services. On the contrary, by having a system unique id acs objects present the oppertunity to generic services to take advantage of them.
