The authentication process associates users with access policies and after this process has completed the user gains access to data resources within the limitations imposed by the access policies. The proposed framework includes control, group and user management and other information that is stored utilizing XML.