I have cooked up something like that in-house, using a faux "Virtual Private Database" implemented in the application layer. You can look at Postgres' Veil project or Oracle's VPDB functionality to see record- and column-level fine-grained authorization. My system implements a flat RBAC system in Lisp and I will be implementing OAuth as the inter-app authentication module. That way a user of our site can grant fine-grained access to an asset of theirs, with the ability to grant read/write/delete permissions, and expiration by time or times accessed.
An elaborate piece of pain though.
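
The owner-delegated grants described above, with read/write/delete permissions and expiry by time or by number of accesses, as an added Python example that is not the poster's Lisp code. `Grant`, `GrantStore` and every parameter name are hypothetical, and the store is in-memory and single-threaded.

```python
import time
from dataclasses import dataclass
from typing import Optional

PERMS = frozenset({"read", "write", "delete"})
@dataclass
class Grant:
    asset: str
    grantee: str
    perms: frozenset
    expires_at: Optional[float] = None  # epoch seconds; None = no time limit
    uses_left: Optional[int] = None     # None = unlimited accesses

class GrantStore:
    """Hypothetical in-memory store; a real one needs an atomic decrement."""
    def __init__(self, owners, clock=time.time):
        self.owners = owners            # asset id -> owning user
        self.clock = clock              # injectable so expiry is testable
        self.grants = []

    def grant(self, actor, asset, grantee, perms, ttl=None, max_uses=None):
        if self.owners.get(asset) != actor:
            raise PermissionError("only the owner can grant access")
        perms = frozenset(perms)
        if not perms or not perms <= PERMS:
            raise ValueError("unknown or empty permission set")
        if max_uses is not None and max_uses < 1:
            raise ValueError("max_uses must be at least 1")
        expires = None if ttl is None else self.clock() + ttl
        self.grants.append(Grant(asset, grantee, perms, expires, max_uses))

    def check(self, user, asset, perm):
        """Default deny. A successful check consumes one use of the grant."""
        if perm not in PERMS or asset not in self.owners:
            return False
        if self.owners[asset] == user:
            return True
        now = self.clock()
        # Drop grants that have expired by time before evaluating.
        self.grants = [g for g in self.grants
                       if g.expires_at is None or now < g.expires_at]
        for g in self.grants:
            if (g.asset, g.grantee) == (asset, user) and perm in g.perms:
                if g.uses_left is not None:
                    g.uses_left -= 1
                    if g.uses_left == 0:
                        self.grants.remove(g)
                return True
        return False
```

A denied check does not consume a use, so a grantee probing for permissions they lack cannot burn down their own quota or anyone else's.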