Logic for opening an object First, permit if passes MAC check Second, permit if allowable cross domain context Third, deny all others mac-check xdomain-open deny