Jon Udell writes about using accountability to augment access control. Jon is working from Dan Geer's script. Dan has said that accountability scales linearly while access control scales at least as the square. For many applications, simply being able to audit what's happened to a resource (who accessed it, where was it sent, etc.) is sufficient and that's a lot cheaper than trying to build access control lists for every resource in your enterprise.