ACL system, should at a minimum incorporate:
The unregistered being able to submit basic items is just a nice to have IMO. If we can't do it, so be it. I know I've seen some gripes about having to have an account to do a one off report, but it is what it is.
I think this one is "solved" by pulling in com_users ?
About the permissions:
Groups
Actions
So the most notably difference to your approach would be that I don't think we should allow submitting reports or comments to unregistered users. But we can try and see how much vi*gra we recieve ;)