1. At present we track a from time and end time for our permissions. This allows us to ask questions like "did user X have a relation Y with object Z at time T". It looks like we could use caveats to implement this e.g. each tuple we write would have from and to dates written as context and the check would include a time for the check to be made. Is this a well known pattern? Has anyone else done this before?