diff --git a/src/config.js b/src/config.js
index d9509cc..854d3b2 100644
--- a/src/config.js
+++ b/src/config.js
@@ -3,8 +3,9 @@ export default { config };
 var config = {
     "pep_credentials" : "pep_credentials",
     "debug": true,
+    "legacy": true,
     "accounting": {
-        "scope":        "authorized_scope",
+        "scopes":       ["authorized_scope1", "authorizeed_scope2"],
         "service_name": "docker_stack_name",
         "host":         "service_hostname"
     },
diff --git a/src/nginx.conf b/src/nginx.conf
index 75e2bcb..f8d907d 100644
--- a/src/nginx.conf
+++ b/src/nginx.conf
@@ -21,7 +21,8 @@ http {
     js_import pep.js;
     
     # added to bind enforce function 
-    js_set $authorization pep.enforce_legacy;
+    # it seems it's not used anywhere
+    # js_set $authorization pep.enforce_legacy;
     
     include       /etc/nginx/mime.types;
     default_type  application/octet-stream;
diff --git a/src/pep.js b/src/pep.js
index 8b9a042..6e2561b 100644
--- a/src/pep.js
+++ b/src/pep.js
@@ -39,7 +39,7 @@ function enforce_legacy(r) {
   }
 
   debug(context, JSON.stringify(context.config["accounting"], null, 2));
-  var allowedcontexts = [context.config["accounting"]["scope"]]
+  var allowedcontexts = context.config["accounting"]["scopes"]
   log(context, "Inside NJS enforce for " + r.method + " @ " + r.headersIn.host + "/" + r.uri)
   debug(context, "debug is " + JSON.stringify(defaultExport["config"]))
   const token = getGCubeToken(context)
@@ -456,7 +456,7 @@ function buildAccountingRecord(context) {
     "serviceName": defaultExport["accounting"]["service_name"],
     "duration": 0,
     "maxInvocationTime": 0,
-    "scope": defaultExport["accounting"]["scope"],
+    "scope": defaultExport["accounting"]["scopes"][0], // qui va cambiato per capire quale è lo scope corretto dell'utente, al momento viene preso il primo
     "host": defaultExport["accounting"]["host"],
     "startTime": t,
     "id": uuid(),