An access control mechanism that implements access control at a container level is disclosed. In one implementation, the access control mechanism provides one or more access control services, and registers these services with a container. Once registered, the access control services are exposed to other applications in the container, and those applications can invoke the services to have the access control mechanism implement access control on their behalf. The access control mechanism implements access control for all applications within the container; thus, the applications do not need to implement their own access control mechanisms. In addition, the access control mechanism is not an operating system component. Thus, by relying on the access control mechanism for access control functionality, the applications are not relying on any operating system component. As a result, the applications, the container, and the access control mechanism can be ported to and run on other operating systems/platforms.