[[Bell and LaPadula model|BLP model]] works in DoD/Intelligence settings, where users have clearances and documents are classified. Challenges for MAC in commercial settings: 1. Users do not have clearances 2. Data classification/labelling is challenging Commercial settings have different needs from MAC - Users have designated functions - Data may have different sharing requirements - Data could be public, proprietary, internal, etc. - Data could be related to specific projects - Data could only be limited to certain applications - There may be “conflicts of interests” or “separation of duty” constraints - Some policies that explore these requirements - [[Role-based access control]] - Clark-Wilson policy - Chinese wall policy