A method is described that involves identifying a configuration file in response to a desire to obtain security services. The configuration file describes a security policy tailored for use in the environmental condition set under which the desire arose. The identifying is based upon at least a portion of the environmental condition set. The method also involves using information found within the configuration file to configure code that performs authentication and authorization services so that the code will implement the security policy.