Abstract : From the security point of view, one challenge for today's distributed architectures is to support interoperation between applications relying on different possibly inconsistent security policies. This paper proposes a practical approach for dealing with the coexistence of different security policies in distributed architectures. We introduce a model for specifying security policies in terms of security domains and access control rules. Then, we identify the set of operators for combining the specifications of sub-policies and we address the validity of the resulting policy according to the security properties of the sub-policies.