Security mechanisms require °exibility to accommodate the frailties of the imperfect people that use them. For example, password systems typically allow users who forget their passwords to reset their password after passing some other test. More gen-
erally, many human decisions of trust are based on weighing a preponderance of evidence in an ad hoc fashion. We present Medina, an authentication system based on combining various forms of evidence in a computational framework. Medina assumes that
all authorization decisions are based on weighing a variety of evidence and brings elements of security (such as what happens when someone forgets their
password) into a computational framework. Medina also allows for a range of access control policies that are less strict and/or more °exible than traditional
security mechanisms.