Multi-party access control is gaining attention and prominence within the community, as access control models and systems are faced with complex, jointly-owned and jointly-managed content. Traditional single-user approaches lack the richness and flexibility to accommodate these scenarios, resulting in undesired disclosure of sensitive data and resources. Moving forward fundamental work in this area is critical. In particular, as personal data amasses and algorithms for data mining improve, personally identifiable information is more readily inferred and the practical implications of privacy decisions are relatively opaque. This is true even at the individual level, but the parallel problem for jointly managed content involves the cross product of these complex outcomes. In this presentation, we discuss fundamental requirements of successful multi-party access control mechanisms and contextualize these concepts with respect to the state of the art. Based on this analysis, we identify open challenges and draw a roadmap for future work.