Comment 16 for bug 1617918

Current thoughts:

* Merge created_by_user/project into one field named "owner" which can also contain domains (e.g. domain:user:project), so we don't care about authentication type anymore
* Each auth_type can map its own headers to the "owner" field for ACL
* Remove user_id,project_id from generic – each auth type module can map this as it wants
* Make (resource_id,owner) unique