diff --git a/api/src/com/cloud/acl/SecurityChecker.java b/api/src/com/cloud/acl/SecurityChecker.java
new file mode 100644
index 00000000000..42e97eb645f
--- /dev/null
+++ b/api/src/com/cloud/acl/SecurityChecker.java
@@ -0,0 +1,64 @@
+/**
+ *
+ */
+package com.cloud.acl;
+
+import com.cloud.domain.PartOf;
+import com.cloud.exception.PermissionDeniedException;
+import com.cloud.user.Account;
+import com.cloud.user.OwnedBy;
+import com.cloud.user.User;
+import com.cloud.utils.component.Adapter;
+
+/**
+ * SecurityChecker checks the ownership and access control to objects within
+ * the management stack for users and accounts.
+ */
+public interface SecurityChecker extends Adapter {
+ /**
+ * Checks if the account owns the object.
+ *
+ * @param account account to check against.
+ * @param object object that the account is trying to access.
+ * @return true if access allowed. false if this adapter cannot authenticate ownership.
+ * @throws PermissionDeniedException if this adapter is suppose to authenticate ownership and the check failed.
+ */
+ boolean checkOwnership(Account account, OwnedBy object) throws PermissionDeniedException;
+
+ /**
+ * Checks if the user belongs to an account that owns the object.
+ *
+ * @param user user to check against.
+ * @param object object that the account is trying to access.
+ * @return true if access allowed. false if this adapter cannot authenticate ownership.
+ * @throws PermissionDeniedException if this adapter is suppose to authenticate ownership and the check failed.
+ */
+ boolean checkOwnership(User user, OwnedBy object) throws PermissionDeniedException;
+
+ /**
+ * Checks if the account can access the object.
+ *
+ * @param account account to check against.
+ * @param object object that the account is trying to access.
+ * @return true if access allowed. false if this adapter cannot provide permission.
+ * @throws PermissionDeniedException if this adapter is suppose to authenticate ownership and the check failed.
+ */
+ boolean checkAccess(Account account, PartOf object) throws PermissionDeniedException;
+
+ /**
+ * Checks if the user belongs to an account that can access the object.
+ *
+ * @param user user to check against.
+ * @param object object that the account is trying to access.
+ * @return true if access allowed. false if this adapter cannot authenticate ownership.
+ * @throws PermissionDeniedException if this adapter is suppose to authenticate ownership and the check failed.
+ */
+ boolean checkAccess(User user, PartOf object) throws PermissionDeniedException;
+
+// We should be able to use this method to check against commands. For example, we can
+// annotate the command with access annotations and this method can use it to extract
+// OwnedBy and PartOf interfaces on the object and use it to verify against a user.
+// I leave this empty for now so Kris and the API team can see if it is useful.
+// boolean checkAuthorization(User user, Command cmd) throws PermissionDeniedException;
+
+}
diff --git a/core/src/com/cloud/user/User.java b/api/src/com/cloud/user/User.java
similarity index 100%
rename from core/src/com/cloud/user/User.java
rename to api/src/com/cloud/user/User.java
diff --git a/build/build.number b/build/build.number
index 30f89d5f59b..0216cfc6927 100644
--- a/build/build.number
+++ b/build/build.number
@@ -1,3 +1,3 @@
 #Build Number for ANT. Do not edit!
-#Wed Aug 18 11:29:13 PDT 2010
-build.number=64
+#Thu Aug 19 09:21:10 PDT 2010
+build.number=65
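Review bot: The Javadoc on the four check methods in SecurityChecker.java leaves the all-abstain case undefined: a `false` return means "this adapter cannot decide", a denial is a `PermissionDeniedException`, and nothing says what a caller must do when every adapter it consults (presumably there can be several, since this extends `Adapter`) returns false. For an access-control interface that should be spelled out as fail-closed on the interface Javadoc, for example `Callers must treat the request as denied unless at least one checker returns true; a false return is an abstention, never a grant.` The `checkAccess` Javadoc also looks copied from `checkOwnership`: both `@throws` lines, and the `@return` of `checkAccess(User, PartOf)`, still speak of authenticating ownership rather than granting access, and "suppose" should read "supposed". It would also help to state whether a null `account`, `user` or `object` is rejected with an exception or treated as an abstention, so implementations do not diverge on that edge.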