A framework of composable access control features: Preserving separation of access control concerns from models to code.