ACL, Authentication and Single Sign-On

I am trying to figure out the best way to set up the model for what
could be a moderately complicated authentication / ACL issue. I am
trying to set up a kind of "single sign-on" for a web application,
where the end user could be assigned one or more roles through one or
more customers. I'm also trying to figure out which of the
authentication packages might work best for this setup.

A Customer represents a corporate entity that would pay to use a
website. Each person represents an individual and has their own
sign-on, and has one or more roles, either with a single customer or
with multiple customers.

Tables:

PEOPLE
id
last_name
first_name
e_mail

CUSTOMERS
id
customer_name

ROLES
id
role_name

PEOPLE_ROLES
person_id
customer_id
role_id

For example:

Johnny has Security Clearance Level 1 for Customer A
Jane has Level 2 and Level 3 for Customer B, and has Level 1 for
Customer A

Thanks in advance--

--Jeff Wigal