This paper describes SecurSight, an architecture that combines authentication, authorization, and secure communications. The primary goal of this architecture is to secure access to network resources, while providing a smooth migration path from legacy authentication and authorization methods to a public-key infrastructure. Authentication may utilize either shared secrets or public/private key pairs. Authorization is public-key based and provides both direct support for PKI-aware applications and indirect support for legacy applications. Authorization credentials are portable, and may be used in location-independent fashion, without the need for cumbersome export and import procedures.