Cross-authentication among caches, or multiple AFS cells, will require a security model and implementation of that model both within a site and across sites. Caches will also eventually have to accommodate more secure versions of Mosaic that selectively make documents available to authenticated clients, without exposing cached documents to unauthenticated clients.