While there has been considerable effort in creating a single sign-on
solution for interoperability among authentication methods, such 
interoperability across authorization methods has received little
attention.  This paper presents a flexible distributed authorization 
protocol that provides the full generality of restricted proxies while
supporting the functionality of and interoperability with existing
authorization models including OSF DCE and SESAME V2.  Our 
authorization protocol includes a delegation method that 
is well suited for certain electronic commerce applications.