PrincipalDomain is an administrative scoping construct for establishing security policies based on the principals invoking object services that may entail objects moving around a network to accomplish their task. The privileges attached to the principal determines the privileges of those mobile objects, which effectively defines the access control rules for any resource the object might request. These objects may cooperate by delegating subtasks to other objects. During the process of delegation, when one object (initiator) authorizes another object (delegate) to perform some task, the attached privileges might be passed on from initiator to the delegate to accomplish the task. Support for roles is used to improve manageability by adding an optional level of indirection. Role-based access control and delegation provides a higher level of granularity than approaches limited only to individuals. In this paper, we describe a proposed protection mechanism based on code-executing principal...