A method and apparatus is disclosed for local access authorization of cached resources. A first request to perform an operation on a first object that is stored in a cache is received. An entity identifier associated with the entity that sent the first request, an operation identifier associated with the operation, and an Access Control List (ACL) associated with the first object are determined based on the first request. A record that includes at least the operation identifier, the ACL, and an authorization indicator is accessed. The authorization indicator indicates whether the entity has previously successfully performed the operation on any object in the cache that is associated with the ACL. Based on the authorization indicator included in the record, a determination is made whether to authorize the entity to perform the operation on the first object.
A system for providing persistent access control of protected content is disclosed. The method on a client system includes sending a first request for authentication of the client to a server system. Subsequently, the client is authenticated by the server. Next, a user on the client attempts to access a file comprising a trailer and content encrypted with an encrypting key. Then, a second request for access to the content is sent to the server by the client, wherein an identifier from the trailer is included in the second request. The identifier identifies the content or an access control policy of the content. The server determines that the second request is in accordance with an access control policy associated with the content, and grants access to the content. Lastly, the client accesses the content in accordance with the access control policy.
