It's not the most complete lens, but I've always also thought of it as "lots of servers advertising services through a centralized directory" (e.g. like NT's Object Manager).

But, I don't think the Plan 9 team ever figured out how to elegantly implement security/isolation-related primitives like secret storage with a single general mechanism. Their "canonical" way of providing secure authentication relies on a few ad-hoc capability mechanisms, built on top of 9P deeply integrated with some special-purpose kernel features. [1] If Bell Labs had more time, I think they would've ended up rethinking 9P around this issue.

[1] https://css.csail.mit.edu/6.858/2013/readings/plan9auth.pdf