A system for providing persistent access control of protected content is disclosed. The method on a client system includes sending a first request for authentication of the client to a server system. Subsequently, the client is authenticated by the server. Next, a user on the client attempts to access a file comprising a trailer and content encrypted with an encrypting key. Then, a second request for access to the content is sent to the server by the client, wherein an identifier from the trailer is included in the second request. The identifier identifies the content or an access control policy of the content. The server determines that the second request is in accordance with an access control policy associated with the content, and grants access to the content. Lastly, the client accesses the content in accordance with the access control policy.