The NIS+ security model provides both authorization and authentication mechanisms. For authorization, every object in the namespace specifies the type of operation it accepts and from whom. NIS+ attempts to authenticate every requestor accessing the namespace. After it identifies the originator of the request, it determines whether the object has authorized that particular operation for that particular principal. Based on its authentication and the object's authorization, NIS+ carries out or denies the access request.