For distributed computing systems, specification and enforcement of permissions can be based on a public key infrastructure which deals with public keys for asymmetric cryptography. We review previous approaches and classify them as based on trusted authorities with licencing and dealing with free properties (characterizing attributes including identities), e.g. X.509, or based on owners with delegation dealing with bound properties (including capabilities), e.g. SPKI/SDSI. These approaches are extended and integrated into a hybrid model which uses protocols to convert free properties into bound properties. Furthermore we unify licencing and delegation by introducing administrative properties. The hybrid model is suitable for a wide range of applications requiring security policies for confidentiality and integrity. In the latter case appropriate challenge-response protocols are needed. Secure mediation is taken as an example for such applications.