Nostrocket actually uses this for the relay too; you have to be in the identity tree to write to the relay, just like this example by fiatjaf. The difference is that instead of storing the list of allowed pubkeys in a local file, nostrocket stores them as events so that it can can use dynamic sets of relays that any participant can run.

i am just about to do this, is there an event kind for this? ACLs basically, right?

If you just want a single pubkey to publish an ACL list you could just use the lists nip. For a self-propagating tree structure that's no good though, which is why it's more complicated.