Here is the config that I am planning.
Multiple SSID/Network
Guest
Captive Portal with sponsership from authorized user and WPA2 authentication
Work
Secure SSID with VPN to corp network as well as access to lan resources like printer. WPA2 authentication to Wireless using Google Apps or OATH creds
Home
Secure SSID with VPN using StrongVPN to security from ISP snooping using DNSCrypt to connecto to OpenDNS for DNS security and Filtering per user, WPA2 Security using Google Apps/OATH authentication to network
Entertainment
Separate Secure SSID using WPS2-PSK for devices like XBox, WII, PlayStation, AppleTV, GoogleTV, Tivo/DVR.
Home Automation/Device Network
This would be for devices like WiFi enabled home automation devices, wireless printers, cameras
USB Storage for Video/Audo Streaming, Security Cameras, File Storage, and Device Backup.
USB Printer Support
Ability to have VPN support for different SSID/Networks.
Work Traffic goes to work, Home and Work Internet Traffic goes to StrongVPN, Entertainment and Guest Traffic would go directly to the internet, and Device Traffic would go through Strong VPN. All the while you have a single Hub for Home Automation the communicates with the cloud for web and smartphone access to the router/home automation.
I am not fully sure how to make it all work yet but I have already started the planning.