Entity trust relationships

I want to be able to define trust relationships like "I trust user fred on host mx.cenkes.org to create and/or use up to one database in the main instance of Postgres running on host db.cenkes.org". Instances can have site-wide names. More relationships:

• I trust user marie to login on host testbed.cenkes.org with SSH v2 DSA password-protected key (is it possible to check that?) and use command top(1), that's it. Implies sh(1) must be limited or unavailable, her login shell must be a special wrapper.
• I trust user nick to manage (create/delete/change) trust relationships between services on host srv.cenkes.org and users logged in via SSH on host vpn.cenkes.org
• I trust Postfix on host mx.cenkes.org to have read-only access to table mail_users in database dbmail in Postgres on host db.cenkes.org.

Relationships may be crypto-signed, it may be required by some entities. Relationships may be transferable, between hosts, services, users or any entities. Relationships can have embedded relationships, permitting some users to operate on them, e.g. revoke (delete/disable) them. The whole thing introduces much room to shoot oneself in the foot, but it's inevitable on the way to better manageability. Pkgs can have default relationships.