Comment by zokier

3 months ago

With SIDs https://learn.microsoft.com/en-us/windows-server/identity/ad...

ducks

Windows has a lot of great ideas around users, groups and permissions. Primarily built around an enterprise use case instead of a home user or server use case, but overall still a lot more refined than the Unix system (in large part due to being developed decades later).

The Authority/UserName scheme that allows you to use user names from different authorities on the same computer without name collisions, and the hierarchical userids that are SIDs are both quite useful. The most obvious everyday use case is file permissions on shared media like a USB drive or a network drive: knowing these files belong to user 1000 isn't very useful if every computer has a different idea of who that is.

They aren't perfect by any means. If you were to design the same thing today you'd probably use UUIDs. But there are a lot of good ideas in there.

  • I also think there's room for taking some inspiration from more modern cryptographic-key-based identity systems like blockchain identities and AtProtocol and Urbit - your primary identity as a user is an asymmetric cryptographic key, which you keep extremely secure; and then you can use this key to authenticate and encrypt messages over a public network or on a public data store, and you can derive sub-keys for use in various contexts. Instead of having to have different authorities keep track of usernames, what if every user in the system was identified with a public key from a global, cryptographically-large key-space?
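The shared-media case raised in the thread, as an added example that is not code from any of the commenters: a parser for the string and binary forms of a SID, showing that two machines can both issue "user 1000" without the identities colliding. The names `Sid`, `parse_sid`, `pack_sid`, `unpack_sid` and `owner_is` are hypothetical, and both sample SIDs are constructed.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Sid:
    revision: int
    authority: int         # 48-bit identifier authority (5 = NT Authority)
    subauthorities: tuple  # 32-bit values; the last one is the RID

    def __str__(self):
        fields = (self.revision, self.authority, *self.subauthorities)
        return "S-" + "-".join(map(str, fields))

    @property
    def rid(self):
        return self.subauthorities[-1]

    @property
    def issuer(self):
        # Everything except the RID names the machine or domain that issued the account.
        return Sid(self.revision, self.authority, self.subauthorities[:-1])

def parse_sid(text):
    parts = text.strip().split("-")
    if len(parts) < 4 or parts[0].upper() != "S":
        raise ValueError(f"not a SID string: {text!r}")
    revision, authority, *subs = (int(p) for p in parts[1:])
    if revision != 1 or authority >= 1 << 48 or len(subs) > 15 or max(subs) >= 1 << 32:
        raise ValueError(f"SID field out of range: {text!r}")
    return Sid(revision, authority, tuple(subs))

def pack_sid(sid):
    # Binary layout: revision, count, 6-byte big-endian authority, little-endian sub-authorities.
    n = len(sid.subauthorities)
    return (bytes([sid.revision, n]) + sid.authority.to_bytes(6, "big")
            + struct.pack(f"<{n}I", *sid.subauthorities))

def unpack_sid(blob):
    if len(blob) < 8 or len(blob) != 8 + 4 * blob[1]:
        raise ValueError("length does not match the sub-authority count")
    authority = int.from_bytes(blob[2:8], "big")
    return Sid(blob[0], authority, struct.unpack(f"<{blob[1]}I", blob[8:]))

def owner_is(owner_blob, local_sid):
    # A file owner stored on shared media matches only if issuer and RID both match.
    return unpack_sid(owner_blob) == local_sid

# Constructed sample SIDs: two unrelated machines that each created a local account with RID 1000.
ALICE_PC = parse_sid("S-1-5-21-1111111111-2222222222-3333333333-1000")
BOB_PC = parse_sid("S-1-5-21-4000000001-1000000002-2000000003-1000")
```

A file written by the first account and carried to the second machine keeps an owner that `owner_is` rejects there, which is the opposite of what happens when both systems only record a bare numeric uid of 1000.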