It is entirely possible that my implementation sucked or my customers are just uniquely ... inexperienced with dealing with novel usage paradigms, but test the heck out of this.
You could model this in other ways on the User model too, like having a registered_at column, which, when blank, means an unregistered user. (In case, for example, you wanted to autogenerate a username for anonymous users, for display purposes.)
But in that case, it wouldn't help with anonymous sessions - unless you'd just define those as new 'identities' with many of the properties set to unknown.
I think the pattern is interesting enough to flesh out, but I'm not convinced yet if it's a real change from the traditional user/permission duality that is already in wide use.
We blocked spam bots the best we could, but still had issues with actual human spammers and a general lack of quality of submitted posts.
Pros: Questions submitted increased by almost 3x's
Cons: Quality of questions / answers decreased considerably. Threatened the integrity of our overal experience so we removed it.
Seems like an interesting thing to test on my new project.
(caution: dark side points)