What's your suggestion in an environment where names change monthly and you need to adress that in terms of licenses ?

That's quite hard to answer and IANAL ...

I assume that Cisco itself has not thought of all possible consequences. And that could be one reason that the licensing is still on a trust basis and is not enforced.

If "names change monthly" means that employee one uses the VPN this month and then for some time only employee two but later employee one again, then I would license both. If the employees change roles and employee one will never use that VPN again then it should be fine to license only employee two. At least thats how I read all the info on licensing.

Are you talking about a huge amount of employees? The Plus licenses are quite inexpensive and perhaps there is no problem to "be on the safe side".

Yep, reading through all what Cisco has to offer re. licensing, this comes to mind. Re. trusted licensing - I might report that trying to bring three people online results in the ASA rejecting the attempt. ( I'm not asking to find that nasty switch that  gives us a 500-people LIC for free here ).

The situation is that staff are hired and terminated frequently, so a perpetual LIC model that is object-independent would be great. And having said that - so I need to setup local users on the ASA for this people-based license to work ? My box is speaking to an AD / Radius backend......

I think your licensing could be quite easy. For staff that is hired, you need a license. That license is free again when the contract is terminated. If you know that there are more then 250 hired employees/contractors but it won't be more then 500, then the 500 users-license is for you.