An access control method where User requests to perform operations on resources are granted or denied based on assigned Attributes of the User, assigned attributes of the Resource, environment conditions, and a set of policies that are specified in terms of those Attributes and conditions.