Security requirements for a system may be represented symbolically as a policy specification. This enables mechanical translation of the policy into a set of enforcement actions, eliminating many steps at which human error can creep in. As the ``semantic gap'' between high-level (and global) policies and low-level (and highly localized) enforcement actions seems particularly large, we believe that a good choice of abstraction coupled to a set of translation tools can have significant operational impact on system security. This impact is particularly strong for complex systems such as those constructed from decentralized components. I'll talk Canon, an architecture for specifying and enforcing consistent security policies across heterogeneous distributed systems. Canon consists of a policy language, an adaptation layer supporting the policy to enforcement mapping, and runtime support for policy coordination in a decentralized computing environment.