The reason I'm interested in this is that it suddenly means that the integrity of user properties changes from being "nice to have" (useful meta data about a person) to a security dependency for the organisation (i.e. you can't set up a DAC on a folder such as "all users in department x have access to resource y" if you can't rely on the integrity of the department property :)