The Authorization and Access Control Services provide functionality to grant or deny access to information processing services, data and physical facilities. They enforce information security and management policies by ensuring individuals only access those resources they are entitled to use and then only for approved purposes. The request for access includes the resource and the type of desired access, e.g. reading, writing, opening. The authorization decision is based on the access control rule sets, resulting from privilege management, taking into account the level of assurance of entity's identity determined by the utilized authentication mechanism.