Going beyond the current implementation of External Authentication, this idea is to allow authentication against another FileMaker File, so your accounts do not need to be replicated across multiple files in a solution.
This would allow you to gain many of the advantages of External Authentication, while keeping all of the benefits of internal FileMaker Accounts (eg: the ability to create/manage them by script inside FileMaker).
Implementation would be similar to current External Authentication. When configuring an Account, for the popup "Account is authenticated via:", you would select "External FileMaker File" and then reference the file. Next, instead of specifying a Group Name to match a group on the directory server, you would specify a Privilege Set Name that would match a Privilege Set in the "master" FileMaker File.