diff --git a/src/main/java/org/gcube/common/authorization/library/enpoints/AuthorizationEndpoint.java b/src/main/java/org/gcube/common/authorization/library/enpoints/AuthorizationEndpoint.java index 7c833d4..aa67fe8 100644 --- a/src/main/java/org/gcube/common/authorization/library/enpoints/AuthorizationEndpoint.java +++ b/src/main/java/org/gcube/common/authorization/library/enpoints/AuthorizationEndpoint.java @@ -13,7 +13,7 @@ public final class AuthorizationEndpoint implements Comparable endpoints; + private static Map endpoints; /** * The path used to find service map configuration files. @@ -29,11 +28,11 @@ public class AuthorizationEndpointScanner { /** * Scans the classpath for {@link ServiceMap}s. */ - public static synchronized List endpoints() { + public static synchronized Map endpoints() { if (endpoints==null || endpoints.size()==0){ - endpoints = new ArrayList(); - + endpoints = new HashMap(); + try { JAXBContext context = JAXBContext.newInstance(AuthorizationEndpoint.class); @@ -42,7 +41,10 @@ public class AuthorizationEndpointScanner { ClasspathScanner scanner = ClasspathScannerFactory.scanner(); for (ClasspathResource r : scanner.scan(new NameMatcher(configurationPattern))){ AuthorizationEndpoint endpoint = (AuthorizationEndpoint)um.unmarshal(r.stream()); - endpoints.add(endpoint); + if (!endpoints.containsKey(endpoint.getInfrastructure()) + || endpoints.get(endpoint.getInfrastructure()).getPriority()> endpoint.getPriority()) + endpoints.put(endpoint.getInfrastructure().hashCode(), endpoint); + log.info("loaded endpoint {} ",endpoint.toString()); } if (endpoints.size()==0) @@ -51,7 +53,7 @@ public class AuthorizationEndpointScanner { } catch (Exception e) { throw new RuntimeException("could not load authorization endpoints", e); } - Collections.sort(endpoints); + } return endpoints; } 
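Review bot: In the scan loop of `endpoints()`, the map is read with `endpoint.getInfrastructure()` as the key (`containsKey`/`get`) but written with `endpoint.getInfrastructure().hashCode()`, so the lookup presumably never finds a stored entry and the priority comparison is dead code. For two configuration files naming the same infrastructure, whichever one the classpath scanner returns last then replaces the other regardless of priority, and two names with colliding hash codes would overwrite each other; a map that appears to decide which authorization service a client talks to should not depend on scan order. Key the map on the name itself, `endpoints.put(endpoint.getInfrastructure(), endpoint);`, and adjust the declared key type to match (the generic parameters are not visible on this page). The un-braced `if` also leaves `log.info("loaded endpoint {} ", ...)` running for endpoints that were not stored, so bracing the `if` and logging inside it would keep the log truthful. The body of `endpoints()` starts and ends outside this hunk.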
diff --git a/src/main/java/org/gcube/common/authorization/library/policies/ExternalService.java b/src/main/java/org/gcube/common/authorization/library/policies/ExternalService.java new file mode 100644 index 0000000..71ff445 --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/library/policies/ExternalService.java @@ -0,0 +1,23 @@ +package org.gcube.common.authorization.library.policies; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; + +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class ExternalService extends UserEntity { + + @Override + public UserEntityType getType() { + return UserEntityType.EXTERNALSERVICE; + } + + @Override + public boolean isSubsetOf(UserEntity entity) { + if (entity.getType()== UserEntityType.EXTERNALSERVICE) + return entity.getIdentifier()==null || this.getIdentifier().equals(entity.getIdentifier()); + else return false; + } + +} diff --git a/src/main/java/org/gcube/common/authorization/library/policies/Policy.java b/src/main/java/org/gcube/common/authorization/library/policies/Policy.java index 8e38520..d83be30 100644 --- a/src/main/java/org/gcube/common/authorization/library/policies/Policy.java +++ b/src/main/java/org/gcube/common/authorization/library/policies/Policy.java @@ -1,5 +1,7 @@ package org.gcube.common.authorization.library.policies; +import java.util.Calendar; + import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlRootElement; @@ -20,6 +22,10 @@ public abstract class Policy { public abstract ServiceAccess getServiceAccess(); + public abstract Calendar getCreationTime(); + + public abstract Calendar getLastUpdateTime(); + public abstract String getContext(); public abstract Action getMode(); 
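Review bot: `ExternalService.isSubsetOf` dereferences `this.getIdentifier()` without a null check, while the same line treats a null identifier on `entity` as a wildcard, so an `ExternalService` with no identifier throws a NullPointerException when compared against a named one. Whether the caller turns that exception into a denial or lets it escape is not visible here, so the policy check should not rely on it; `return entity.getIdentifier()==null || entity.getIdentifier().equals(this.getIdentifier());` gives the same answers without the throw. The method also ignores the `excludes` list that `UserEntity` carries, which is worth confirming against how the ROLE and USER implementations treat it. A one-line Javadoc stating that a null identifier means "any external service" would document the wildcard rule.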
diff --git a/src/main/java/org/gcube/common/authorization/library/policies/Service2ServicePolicy.java b/src/main/java/org/gcube/common/authorization/library/policies/Service2ServicePolicy.java index cd92c6e..0bced5c 100644 --- a/src/main/java/org/gcube/common/authorization/library/policies/Service2ServicePolicy.java +++ b/src/main/java/org/gcube/common/authorization/library/policies/Service2ServicePolicy.java @@ -1,5 +1,7 @@ package org.gcube.common.authorization.library.policies; +import java.util.Calendar; + import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlRootElement; @@ -10,6 +12,8 @@ public class Service2ServicePolicy extends Policy{ private ServiceEntity client; private String context; + private Calendar lastUpdateTime; + private Calendar creationTime; private ServiceAccess serviceAccess; private Action mode = Action.ALL; @@ -103,6 +107,16 @@ public class Service2ServicePolicy extends Policy{ return this.mode; } + @Override + public Calendar getCreationTime() { + return creationTime; + } + + @Override + public Calendar getLastUpdateTime() { + return lastUpdateTime; + } + } diff --git a/src/main/java/org/gcube/common/authorization/library/policies/User2ServicePolicy.java b/src/main/java/org/gcube/common/authorization/library/policies/User2ServicePolicy.java index c492d4f..845368e 100644 --- a/src/main/java/org/gcube/common/authorization/library/policies/User2ServicePolicy.java +++ b/src/main/java/org/gcube/common/authorization/library/policies/User2ServicePolicy.java @@ -1,5 +1,7 @@ package org.gcube.common.authorization.library.policies; +import java.util.Calendar; + import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlElementRef; 
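Review bot: `getCreationTime()` and `getLastUpdateTime()` in `Service2ServicePolicy` hand out the internal `java.util.Calendar` objects, which are mutable, so any caller can alter a policy's timestamps after the fact; the same applies to the two getters added to `User2ServicePolicy`. If these timestamps are ever used for auditing or for deciding which policy is newer, return a copy instead, e.g. `return creationTime == null ? null : (Calendar) creationTime.clone();`. No setter or constructor in the visible hunks assigns either field, so they are presumably populated only through JAXB field access, and a short comment on the fields saying so would help. Adding two abstract methods to `Policy` also breaks any subclass outside this module, which may deserve a line in the release notes.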
@@ -17,6 +19,8 @@ public class User2ServicePolicy extends Policy { private UserEntity entity; private String context; private ServiceAccess serviceAccess; + private Calendar lastUpdateTime; + private Calendar creationTime; private Action mode = Action.ALL; @@ -54,6 +58,14 @@ public class User2ServicePolicy extends Policy { public String getContext() { return context; } + + public Calendar getLastUpdateTime() { + return lastUpdateTime; + } + + public Calendar getCreationTime() { + return creationTime; + } @Override public int hashCode() { @@ -66,7 +78,7 @@ public class User2ServicePolicy extends Policy { + ((serviceAccess == null) ? 0 : serviceAccess.hashCode()); return result; } - + @Override public boolean equals(Object obj) { if (this == obj) diff --git a/src/main/java/org/gcube/common/authorization/library/policies/UserEntity.java b/src/main/java/org/gcube/common/authorization/library/policies/UserEntity.java index 13303d7..c923578 100644 --- a/src/main/java/org/gcube/common/authorization/library/policies/UserEntity.java +++ b/src/main/java/org/gcube/common/authorization/library/policies/UserEntity.java @@ -18,7 +18,7 @@ public abstract class UserEntity { private List excludes = new ArrayList(); public enum UserEntityType { - ROLE , USER + ROLE , USER, EXTERNALSERVICE } protected UserEntity() { diff --git a/src/main/java/org/gcube/common/authorization/library/provider/ClientInfo.java b/src/main/java/org/gcube/common/authorization/library/provider/ClientInfo.java index 062df8a..757caf9 100644 --- a/src/main/java/org/gcube/common/authorization/library/provider/ClientInfo.java +++ b/src/main/java/org/gcube/common/authorization/library/provider/ClientInfo.java 
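Review bot: The `getLastUpdateTime()` and `getCreationTime()` getters added to `User2ServicePolicy` implement the new abstract methods of `Policy` but lack `@Override`, unlike the matching pair added to `Service2ServicePolicy` in this commit. Add `@Override` above both so the compiler flags any later signature drift between the policy classes. The new `EXTERNALSERVICE` constant in `UserEntityType` (a later hunk on this same line) means any existing `switch` or `isSubsetOf` implementation written for only ROLE and USER should be rechecked for how it treats the new type; those are outside the visible hunks.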
@@ -10,7 +10,7 @@ import javax.xml.bind.annotation.XmlSeeAlso; @XmlRootElement @XmlAccessorType(XmlAccessType.FIELD) -@XmlSeeAlso(value={UserInfo.class, ServiceInfo.class}) +@XmlSeeAlso(value={UserInfo.class, ServiceInfo.class, ExternalServiceInfo.class}) public abstract class ClientInfo implements Serializable{ /** @@ -21,7 +21,5 @@ public abstract class ClientInfo implements Serializable{ public abstract String getId(); public abstract List getRoles(); - - } diff --git a/src/main/java/org/gcube/common/authorization/library/provider/ExternalServiceInfo.java b/src/main/java/org/gcube/common/authorization/library/provider/ExternalServiceInfo.java new file mode 100644 index 0000000..d2cdb5f --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/library/provider/ExternalServiceInfo.java @@ -0,0 +1,47 @@ +package org.gcube.common.authorization.library.provider; + +import java.util.Collections; +import java.util.List; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; + +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class ExternalServiceInfo extends ClientInfo{ + + /** + * + */ + private static final long serialVersionUID = 1L; + + private String id; + + private String generatedBy; + + public ExternalServiceInfo(String id, String generatedBy) { + super(); + this.id = id; + this.generatedBy = generatedBy; + } + + protected ExternalServiceInfo() { + super(); + } + + @Override + public String getId() { + return id; + } + + public String getGeneratedBy() { + return generatedBy; + } + + @Override + public List getRoles() { + return Collections.emptyList(); + } + +} diff --git a/src/main/resources/authorization-endpoint.xml b/src/main/resources/authorization-endpoint.xml index f241a55..3eb6283 100644 --- a/src/main/resources/authorization-endpoint.xml +++ b/src/main/resources/authorization-endpoint.xml 
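Review bot: The public constructor of `ExternalServiceInfo` stores `id` and `generatedBy` unchecked, so an instance with a null id can be built and will return null from `getId()`. Since `getId()` is presumably what callers use to identify the client, reject null up front, e.g. `this.id = Objects.requireNonNull(id, "id");` (with `java.util.Objects` imported), and do the same for `generatedBy`. Instances can also be created through the protected no-arg constructor by JAXB, and the class is `Serializable` via `ClientInfo`, so those paths bypass a constructor check and code consuming `getId()` should still tolerate or reject null explicitly. The class has no Javadoc: one sentence on what `generatedBy` records, in place of the empty `/** */` above `serialVersionUID`, would make the intent clear.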
@@ -1 +1 @@ -node7.d.d4science.research-infrastructures.eu9000 \ No newline at end of file +node7.d.d4science.research-infrastructures.eu9000 \ No newline at end of file diff --git a/src/test/java/org/gcube/common/authorization/library/binder/EndpointBinder.java b/src/test/java/org/gcube/common/authorization/library/binder/EndpointBinder.java index 17a30e4..fd0ae7c 100644 --- a/src/test/java/org/gcube/common/authorization/library/binder/EndpointBinder.java +++ b/src/test/java/org/gcube/common/authorization/library/binder/EndpointBinder.java @@ -3,7 +3,7 @@ package org.gcube.common.authorization.library.binder; import java.io.StringReader; import java.io.StringWriter; import java.util.Arrays; -import java.util.List; +import java.util.Map; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; 
@@ -25,25 +25,26 @@ public class EndpointBinder { public void bind() throws Exception{ JAXBContext context = getContext(); StringWriter sw = new StringWriter(); - AuthorizationEndpoint ae1 = new AuthorizationEndpoint("/myInfra", 2, "146.48.85.179", 8080); + AuthorizationEndpoint ae1 = new AuthorizationEndpoint("myInfra", 2, "146.48.85.179", 8080); context.createMarshaller().marshal(ae1, sw); + System.out.println(sw); AuthorizationEndpoint ae2 = (AuthorizationEndpoint)context.createUnmarshaller().unmarshal(new StringReader(sw.toString())); Assert.assertEquals(ae1, ae2); } @Test public void compare(){ - AuthorizationEndpoint ae1 = new AuthorizationEndpoint("/myInfra", 2, "146.48.85.179", 8080); - AuthorizationEndpoint ae2 = new AuthorizationEndpoint("/myInfra", 1, "146.48.85.179", 8080); + AuthorizationEndpoint ae1 = new AuthorizationEndpoint("myInfra", 2, "146.48.85.179", 8080); + AuthorizationEndpoint ae2 = new AuthorizationEndpoint("myInfra", 1, "146.48.85.179", 8080); Assert.assertTrue(ae1.compareTo(ae2)>0); } @Test public void order(){ - AuthorizationEndpoint ae1 = new AuthorizationEndpoint("/myInfra" ,2, "146.48.85.179", 8080); - AuthorizationEndpoint ae2 = new AuthorizationEndpoint("/myInfra" ,1, "146.48.85.179", 8080); - AuthorizationEndpoint ae3 = new AuthorizationEndpoint("/myInfra", 3, "146.48.85.179", 8080); + AuthorizationEndpoint ae1 = new AuthorizationEndpoint("myInfra" ,2, "146.48.85.179", 8080); + AuthorizationEndpoint ae2 = new AuthorizationEndpoint("myInfra" ,1, "146.48.85.179", 8080); + AuthorizationEndpoint ae3 = new AuthorizationEndpoint("myInfra", 3, "146.48.85.179", 8080); AuthorizationEndpoint[] arr1 = new AuthorizationEndpoint[]{ae1, ae2, ae3}; @@ -57,7 +58,7 @@ public class EndpointBinder { @Test public void scan(){ - List endpoints = AuthorizationEndpointScanner.endpoints(); + Map endpoints = AuthorizationEndpointScanner.endpoints(); System.out.println(endpoints); }
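Review bot: The `scan()` test only prints the map returned by `AuthorizationEndpointScanner.endpoints()` and asserts nothing, so it passes whatever the scanner selects. Since this commit changes the scanner to keep a single endpoint per infrastructure chosen by priority, the test should pin that, e.g. `Assert.assertFalse(endpoints.isEmpty());` plus a check that the entry for the expected infrastructure is present. The `System.out.println(sw);` added to `bind()` looks like leftover debugging output and can be dropped.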