diff --git a/src/main/java/org/gcube/common/authorization/library/AuthorizationEntry.java b/src/main/java/org/gcube/common/authorization/library/AuthorizationEntry.java
index e6366c1..025cdcf 100644
--- a/src/main/java/org/gcube/common/authorization/library/AuthorizationEntry.java
+++ b/src/main/java/org/gcube/common/authorization/library/AuthorizationEntry.java
@@ -9,7 +9,11 @@ import javax.xml.bind.annotation.XmlElementRefs;
 import javax.xml.bind.annotation.XmlRootElement;
 
 import org.gcube.common.authorization.library.policies.Policy;
+import org.gcube.common.authorization.library.policies.Service2ServicePolicy;
+import org.gcube.common.authorization.library.policies.User2ServicePolicy;
 import org.gcube.common.authorization.library.provider.ClientInfo;
+import org.gcube.common.authorization.library.provider.ServiceInfo;
+import org.gcube.common.authorization.library.provider.UserInfo;
 import org.gcube.common.scope.api.ServiceMap;
 import org.gcube.common.scope.impl.DefaultServiceMap;
 
@@ -17,10 +21,18 @@ import org.gcube.common.scope.impl.DefaultServiceMap;
 @XmlAccessorType(XmlAccessType.FIELD)
 public class AuthorizationEntry {
 
+	@XmlElementRefs({
+		@XmlElementRef(type = UserInfo.class),
+		@XmlElementRef(type = ServiceInfo.class),
+	})
 	ClientInfo clientInfo;
 	private String context;
 	@XmlElementRefs({@XmlElementRef(type=DefaultServiceMap.class)})
 	private ServiceMap map;
+	@XmlElementRefs({
+		@XmlElementRef(type = Service2ServicePolicy.class),
+		@XmlElementRef(type = User2ServicePolicy.class),
+	})
 	private List<Policy> policies;
 	
 	protected AuthorizationEntry(){}
diff --git a/src/main/java/org/gcube/common/authorization/library/policies/Policy.java b/src/main/java/org/gcube/common/authorization/library/policies/Policy.java
index d51b3c2..43c5ab6 100644
--- a/src/main/java/org/gcube/common/authorization/library/policies/Policy.java
+++ b/src/main/java/org/gcube/common/authorization/library/policies/Policy.java
@@ -3,12 +3,14 @@ package org.gcube.common.authorization.library.policies;
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlSeeAlso;
 
 @XmlRootElement
 @XmlAccessorType(XmlAccessType.FIELD)
+@XmlSeeAlso({User2ServicePolicy.class, Service2ServicePolicy.class})
 public abstract class Policy {
 	
-	private long id;
+	protected long id;
 	
 	protected Policy() {}
 		
diff --git a/src/main/java/org/gcube/common/authorization/library/policies/Service2ServicePolicy.java b/src/main/java/org/gcube/common/authorization/library/policies/Service2ServicePolicy.java
index a988c3f..6795743 100644
--- a/src/main/java/org/gcube/common/authorization/library/policies/Service2ServicePolicy.java
+++ b/src/main/java/org/gcube/common/authorization/library/policies/Service2ServicePolicy.java
@@ -85,7 +85,7 @@ public class Service2ServicePolicy extends Policy{
 	@Override
 	public String toString() {
 		return "Service2ServicePolicy [client=" + client + ", environment="
-				+ context + ", serviceAccess=" + serviceAccess + "]";
+				+ context + ", serviceAccess=" + serviceAccess + ", id = "+id+"]";
 	}
 
 	
diff --git a/src/main/java/org/gcube/common/authorization/library/policies/User2ServicePolicy.java b/src/main/java/org/gcube/common/authorization/library/policies/User2ServicePolicy.java
index 05c2f69..9eae5ba 100644
--- a/src/main/java/org/gcube/common/authorization/library/policies/User2ServicePolicy.java
+++ b/src/main/java/org/gcube/common/authorization/library/policies/User2ServicePolicy.java
@@ -2,13 +2,18 @@ package org.gcube.common.authorization.library.policies;
 
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlElementRefs;
 import javax.xml.bind.annotation.XmlRootElement;
 
 @XmlRootElement
 @XmlAccessorType(XmlAccessType.FIELD)
 public class User2ServicePolicy extends Policy {
 
-	
+	@XmlElementRefs({
+		@XmlElementRef(type = User.class),
+		@XmlElementRef(type = Role.class),
+	})
 	private UserEntity entity;
 	private String context;
 	private ServiceAccess serviceAccess;
@@ -85,7 +90,7 @@ public class User2ServicePolicy extends Policy {
 	@Override
 	public String toString() {
 		return "User2ServicePolicy [entity=" + entity + ", environment="
-				+ context + ", serviceAccess=" + serviceAccess + "]";
+				+ context + ", serviceAccess=" + serviceAccess + ", id = "+id+"]";
 	}
 	
 }
diff --git a/src/main/java/org/gcube/common/authorization/library/provider/UserInfo.java b/src/main/java/org/gcube/common/authorization/library/provider/UserInfo.java
index b0e6b6c..e8d46f8 100644
--- a/src/main/java/org/gcube/common/authorization/library/provider/UserInfo.java
+++ b/src/main/java/org/gcube/common/authorization/library/provider/UserInfo.java
@@ -1,6 +1,5 @@
 package org.gcube.common.authorization.library.provider;
 
-import java.util.Collections;
 import java.util.List;
 
 import javax.xml.bind.annotation.XmlAccessType;
@@ -18,7 +17,7 @@ public class UserInfo extends ClientInfo {
 	private static final long serialVersionUID = 1L;
 	
 	private String clientId;
-	private List<String> roles = Collections.emptyList();
+	private List<String> roles = null;
 	
 	protected UserInfo(){}