The protection models and security application programming interfaces (APIs) that constitute the state of the art for safeguarding Internet applications show their limits when fine-grained, configurable security policies are required, and they do not ensure the consistency of a given policy implementation across a heterogeneous environment.
Programmable security provides syntactic and semantic constructs in programming languages for systematically embedding security functionality within applications. This paper presents a methodology for extending programming languages with programmable security services, and a secure coordination language supporting interoperability in open environments.
Section 1 introduces the topic, and section 2 describes programmable security and related work. The authors chose a ticket-based authorization model (section 3), and section 4 describes the prototype implementation: a Java package that can be seamlessly integrated within native Java applications. The same principles can be applied to a coordination language whose purpose is to enable secure interoperability in open environments. Section 5 explores Mumbo, a secure coordination language for integrating legacy code and heterogeneous objects under a single authorization service, and section 6 concludes the paper.