Abstract

The use of attribute certificates and the concept of mobile policies have been proposed to overcome some of the limitations of the role-based access control (RBAC) paradigm and to implement security requirements such as the “originator controlled” (ORCON) policy. Mobile policies are attached to the data that they control and enforced by their execution in trusted servers. In this paper we extend this idea to allow the execution of the policies in untrusted systems. Our extension allows policies to be bound to the data but not attached to it. Through this modification security administrators are able to change policies dynamically and transparently. Additionally, we introduce X-ACS, an XML-based language designed to express policies in a simple and unambiguous way, overcoming the limitations of other approaches. Important features of X-ACS are that it can be used by processors with limited capabilities such as smart cards while allowing the automated validation of policies.
Work partially supported by the E.U. through project IST 2001-32446
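The abstract's central distinction is between a policy that travels as a copy inside the data object (attached) and one that travels only as a reference the enforcement point resolves at access time (bound), which is what lets an administrator revise the policy without re-issuing the data. The following is an added illustration of that distinction, written for this page; it is not the paper's mechanism and does not use X-ACS syntax. The administrator-keyed HMAC over the data hash and policy identifier, the in-memory policy registry, and all names and sample values are constructed assumptions. The binding tag is included to show one way a reference can be protected against being swapped for a more permissive policy identifier on an untrusted host.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample key: stands in for a key held by the security administrator.
ADMIN_KEY = b"constructed-admin-key-not-from-the-paper"


@dataclass
class Policy:
    # Originator keeps control of the reader list (an ORCON-style rule).
    originator: str
    readers: set


class PolicyRegistry:
    """Administrator-controlled store; a bound document resolves its policy here at access time."""

    def __init__(self):
        self._policies = {}

    def publish(self, policy_id, policy):
        # Publishing under an existing id replaces the old version for every bound document.
        self._policies[policy_id] = policy

    def lookup(self, policy_id):
        return self._policies[policy_id]


@dataclass
class AttachedDocument:
    # The policy is copied into the object, so later administrator changes never reach it.
    data: bytes
    policy: Policy


@dataclass
class BoundDocument:
    # Only a policy identifier and an integrity tag travel with the data.
    data: bytes
    policy_id: str
    binding: bytes


def _binding_tag(data, policy_id, key):
    # Tag covers the data hash and the policy id so neither can be swapped independently.
    return hmac.new(key, hashlib.sha256(data).digest() + policy_id.encode(), hashlib.sha256).digest()


def bind(data, policy_id, key=ADMIN_KEY):
    return BoundDocument(data, policy_id, _binding_tag(data, policy_id, key))


def verify_binding(doc, key=ADMIN_KEY):
    return hmac.compare_digest(_binding_tag(doc.data, doc.policy_id, key), doc.binding)


def may_read(principal, policy):
    return principal == policy.originator or principal in policy.readers


def access_attached(doc, principal):
    # Decision uses the stale copy carried inside the object.
    return may_read(principal, doc.policy)


def access_bound(doc, principal, registry):
    # Refuse if the reference was tampered with, otherwise use the current policy version.
    if not verify_binding(doc):
        return False
    return may_read(principal, registry.lookup(doc.policy_id))


def demo():
    """Returns (decisions before the change, decisions after the change, result of a swapped id)."""
    registry = PolicyRegistry()
    v1 = Policy(originator="alice", readers={"bob"})
    registry.publish("pol-1", v1)
    data = b"constructed sample document"
    attached = AttachedDocument(data, Policy(v1.originator, set(v1.readers)))
    bound = bind(data, "pol-1")

    before = (access_attached(attached, "carol"), access_bound(bound, "carol", registry))

    # Administrator revises the policy in place: carol is added, bob is revoked.
    registry.publish("pol-1", Policy(originator="alice", readers={"carol"}))
    after = (
        access_attached(attached, "carol"), access_bound(bound, "carol", registry),
        access_attached(attached, "bob"), access_bound(bound, "bob", registry),
    )

    # An untrusted host that rewrites the reference to a permissive policy fails the binding check.
    registry.publish("pol-open", Policy(originator="mallory", readers={"mallory"}))
    tampered = BoundDocument(data, "pol-open", bound.binding)
    swapped = access_bound(tampered, "mallory", registry)
    return before, after, swapped


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the attached copy still answering with the superseded reader list while the bound reference follows the administrator's revision, and the rewritten identifier being rejected before any policy is consulted.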
