An Authorization Model for Multi-Provider Queries