1. Introduction

We consider scenarios in which providers wish to grant to consumers the right to use certain resources for some agreed-upon time period. Providers might be companies providing outsourcing services, or scientific laboratories that provide different collaborations with access to their computing resources. Providers and consumers may be nested: a provider may function as a middleman, providing access to resources to which the provider has itself been granted access by some other provider. Usage policy issues can arise at multiple levels in such scenarios. Providers want to express (and enforce) the policies under which resources are made available to consumers. Consumers want to access and interpret policy statements published by providers, in order to monitor their agreements and guide their activities. Both providers and consumers want to verify that policies are applied correctly. In summary, we are interested in the expression, publication, discovery, enforcement, and verification of policies, at both resource provider and consumer levels.