Methods and apparatus, including computer program products, related to dynamic binding of access and usage rights to a computer-based resource. In general, data characterizing a request for content is received, a determination as to whether first security credentials authenticate a user is made, and, if so and the user is authorized to access or use the content, security is of the content is replaced. Replacing security may involve removing the security from the content in accordance with second security credentials. The removal of security may enable the user to perform actions to the content. The removal of security may be followed with an addition of security of a second type such that content is moved from a first trusted environment to a second trusted environment.