I find this a very elegant idea.Something like this might then work: <mm:cloudinfo type="user"> <mm:node> </mm:node> </mm:cloudinfo>
In the case of cloud-security, the node can be de user-node. If no node is associated with the user, cloud-info could provide a 'virtual' node?
Also it becomes possible to manipulate the security in this way, without providing a complete interface for it.
