Access control is fundamental for enforcing security and privacy requirements in data processing systems, protecting system resources such as files, applications, databases, and so on, against unauthorized access by internal or external system users. In electronic commerce, for example, and indeed in the Internet in general, one of the most important considerations is ensuring that only authorized users can access valuable resources.