New authentication and authorization systems are necessary to manage users and resources lifecycles in a federated environment, provide support for more flexible resources assignement and reduce the privileges granted by the simple possession of a CERN account.