And full ACLs throughout from the ground up - not as an afterthought - like for instance in UNIX type OSs.
I don't know what you have in mind when you say that Unix only has security as an afterthought. It was built from the ground up to be multi-user, with strict separation among those users (both for in-memory applications and on the file system). It also had the novel setuid mechanism and associated su and chgrp functionality pretty much from the outset. I think that the creators actually got a patent on the setuid mechanism, possibly combined with its use with the passwd program which effectively allowed each user to change their own password in a single system file while not allowing it to change anything else there.
Almost anything that can be implemented using ACLs can also be implemented using the user/group and setuid/setgid mechanisms. About the only area that I can think of where Unix is perhaps more permissive than it should be (for a paranoid sysadmin) is in allowing network access for all users (*). But then again, Unix wouldn't have been such a resounding success without networking, I think. If the designers had wanted to include some sort of "access rights" for the network, then they'd basically end up with something like VMS's security model instead. But then, it obviously wouldn't be the Unix that we know and love :)
* Actually, I realise that this can be done in modern Linux using an iptables command to drop traffic based on userid. I don't actually know how early Unix implementations implemented network access. For all I know, all the network access functions might have actually used a device file at the lowest level. If so, then it actually would have been possible to restrict net access on a per-user basis using the standard user/group security mechanisms...
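The setuid/passwd arrangement mentioned in the reply above, sketched as an added example that is not part of the original post: a setuid-root helper runs with effective uid 0 so it can write the shared file, but authorises each request against the real uid of whoever invoked it. The names `SAMPLE_DB`, `lookup_uid` and `may_change_entry` are hypothetical, the entries are constructed sample data in passwd(5) layout, and the checks a real passwd program performs beyond ownership are left out.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample entries: name:password:uid:gid:gecos:home:shell */
static const char *SAMPLE_DB[] = {
    "root:x:0:0:root:/root:/bin/sh",
    "alice:x:1000:1000:Alice:/home/alice:/bin/sh",
    "bob:x:1001:1001:Bob:/home/bob:/bin/sh",
};

/* Return the uid recorded for `name`, or -1 if there is no such entry. */
static long lookup_uid(const char *name) {
    size_t n = strlen(name);
    for (size_t i = 0; i < sizeof SAMPLE_DB / sizeof SAMPLE_DB[0]; i++) {
        const char *e = SAMPLE_DB[i];
        /* Require a full-field match so "al" does not match "alice". */
        if (strncmp(e, name, n) != 0 || e[n] != ':')
            continue;
        const char *pw_end = strchr(e + n + 1, ':'); /* skip password field */
        if (!pw_end)
            return -1;
        return strtol(pw_end + 1, NULL, 10);
    }
    return -1;
}

/* Ownership decision: the caller is identified by the REAL uid, because
 * under setuid the effective uid is the file owner's (0), not the caller's. */
int may_change_entry(uid_t real_uid, const char *target) {
    long owner = lookup_uid(target);
    if (owner < 0)
        return 0;               /* unknown account: refuse */
    if (real_uid == 0)
        return 1;               /* root may change any entry */
    return (uid_t)owner == real_uid;
}

int main(void) {
    /* Installed setuid-root, geteuid() would be 0 while getuid() stays the caller's. */
    printf("real uid=%ld effective uid=%ld\n", (long)getuid(), (long)geteuid());
    printf("uid 1000 -> alice: %d\n", may_change_entry(1000, "alice"));
    printf("uid 1000 -> bob:   %d\n", may_change_entry(1000, "bob"));
    return 0;
}
```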