Permissions
If you are building a {system|application|website}, and you think it might be nice to have some way to control who {sees|does} what, it might be a good idea to design the permission model prior to constructing the software. Just a thought…
Any part of your architecture that affects all (or most) of your problem space, should be laid out as much as possible prior to building the solution. Otherwise, retrofitting it is a nightmare. But then again, what can I expect from a client that doesn’t believe in ANY (well, OK, napkin equivalents are permitted) specifications? J