[Animats]

Kerberos does support authorization. Windows supports this at the Windows group level.[1] Finer grained control requires something else.

Outsourcing "authorization" to an external service comes across as a really bad idea with huge "backdoor" potential.

[1] https://security.stackexchange.com/questions/36072/what-is-i...