Hello Jay
If you want to leverage the existing user profiles in the RADIUS server for authentication, authorization, this Internet Draft TLS-EAP Extension http://tools.ietf.org/html/draft-nir-tls-eap-06 might be what you are looking for. Unfortunately, there is no implementation up to date as far as I know.
I am designing and developing the software for this Internet draft based on OpenSSL, EAP module from wpa-supplicant and freeradius client. Please let me know any special requirements if you are interested in using TLS-EAP Extension.
I read the draft you mentioned above and I'm not 100% sure if I understood it correctly. So basically spoken the authentication/authorization becomes more of less independant from the application using this software/draft. There's an authentication/authorization infrastructure besides client and service that is generic and can be used for *different* services. So, e.g. I can use it for authentication/authorization for a webbrowser towards apache, for a mailclient towards the mailservice etc. If it is like that, this sounds pretty amazing and would give us exactely what we need. Best regards! M