Security Provider Interface

TODO: talk about SPIs