As an increasing number of applications and services are being made available over networks such as the Internet, an increasing number of content, application, and/or service providers are turning to technologies such as cloud computing. Cloud computing, in general, is an approach to providing access to electronic resources through services, such as Web services, where the hardware and/or software used to support those services is dynamically scalable to meet the needs of the services at any given time. A user or customer typically will rent, lease, or otherwise pay for access to resources through the cloud, and thus does not have to purchase and maintain the hardware and/or software needed.
A potential disadvantage to such an approach, at least from a customer's point of view, is that the resources typically are at a location under the control of the provider of those resources, and thus are out of the direct control of the customer. To help ensure that resources allocated to the customer perform tasks only under the direction of that customer, the customer or provider can utilize one or more access control policies that indicate which requests requiring access to those resources should be allowed, and which should be denied. However, in certain situations, merely allowing or denying a request may not capture the intent of the customer for whom the resources have been provisioned. In those situations, it may be advantageous to enable the policy to specify additional actions that may be performed upon its evaluation.