diff --git a/data/grid5000/services/authorization.json b/data/grid5000/services/authorization.json
new file mode 100644
index 0000000000000000000000000000000000000000..15657f050032ab40dec23c5a232dbe4d4a9c7999
--- /dev/null
+++ b/data/grid5000/services/authorization.json
@@ -0,0 +1,9 @@
+{
+ "contact": "cyril.rohr@irisa.fr",
+ "description": "Returns the access policy for a particular service accessed by a given user.",
+ "doc": "\/authorization\/doc",
+ "name": "Authorization",
+ "type": "service",
+ "uid": "authorization",
+ "uri": "\/authorization"
+}
\ No newline at end of file
diff --git a/data/grid5000/services/jobsets.json b/data/grid5000/services/jobsets.json
new file mode 100644
index 0000000000000000000000000000000000000000..11c9a7668df8cd0b81d0f1f8b40b58590ff4ef59
--- /dev/null
+++ b/data/grid5000/services/jobsets.json
@@ -0,0 +1,30 @@
+{
+ "description": "Manages the creation\/deletion and update of job sets.",
+ "doc": "\/jobsets\/doc",
+ "name": "Jobsets",
+ "policies": {
+ "DELETE": {
+ "admin_groups": "CT",
+ "authorized_groups": "rennes,grenoble,bordeaux,toulouse,sophia,orsay,nancy,lille,lyon",
+ "user_must_be_owner": true
+ },
+ "GET": {
+ "admin_groups": "CT",
+ "authorized_groups": "rennes,grenoble,bordeaux,toulouse,sophia,orsay,nancy,lille,lyon",
+ "user_must_be_owner": true
+ },
+ "POST": {
+ "admin_groups": "CT",
+ "authorized_groups": "rennes,grenoble,bordeaux,toulouse,sophia,orsay,nancy,lille,lyon",
+ "user_must_be_owner": true
+ },
+ "PUT": {
+ "admin_groups": "CT",
+ "authorized_groups": "rennes,grenoble,bordeaux,toulouse,sophia,orsay,nancy,lille,lyon",
+ "user_must_be_owner": true
+ }
+ },
+ "type": "service",
+ "uid": "jobsets",
+ "uri": "\/jobsets"
+}
\ No newline at end of file
diff --git a/data/grid5000/services/oar.json b/data/grid5000/services/oar.json
new file mode 100644
index 0000000000000000000000000000000000000000..289807107cdd8f40b9ed29be7e0c95940af607a9
--- /dev/null
+++ b/data/grid5000/services/oar.json
@@ -0,0 +1,9 @@
+{
+ "contact": "bruno.bzeznik@imag.fr",
+ "description": null,
+ "doc": null,
+ "name": "OAR",
+ "type": "service",
+ "uid": "oar",
+ "uri": "\/oar-site"
+}
\ No newline at end of file
diff --git a/data/grid5000/services/statuses.json b/data/grid5000/services/statuses.json
new file mode 100644
index 0000000000000000000000000000000000000000..03c21bbba921881d4b8228d65be5592c168d35fc
--- /dev/null
+++ b/data/grid5000/services/statuses.json
@@ -0,0 +1,9 @@
+{
+ "contact": "cyril.rohr@irisa.fr",
+ "description": "Returns the status of a given resource.",
+ "doc": "\/statuses\/doc",
+ "name": "Statuses",
+ "type": "service",
+ "uid": "statuses",
+ "uri": "\/statuses"
+}
\ No newline at end of file
diff --git a/generators/input/services.rb b/generators/input/services.rb
index 7dccb16f6981269de8f82e921f7d43667a22341b..ba6a45f222666012af64bdcb0d28a94da0d5ebd2 100644
--- a/generators/input/services.rb
+++ b/generators/input/services.rb
@@ -1 +1,41 @@
-# TODO: services and their access policies
\ No newline at end of file
+# +policies+ is a hash describing the policies for authorizing or refusing access to a particular operation on a specific service:
+# * the key is the name of the operation (in the case of REST APIs, the operation should be one of the HTTP methods);
+# * the value is a hash that must contain:
+# - a comma separated list of +authorized_groups+ ("*" if no restriction),
+# - a +user_must_be_owner+ boolean indicating if the user requesting the resource must also own it and,
+# - a comma separated list of +admin_groups+, who will be able to access the resource even if they do not own it.
+# No +policies+ means that the authorization decision is delegated to the API receiving the request.
+service :authorization do
+ name "Authorization"
+ description "Returns the access policy for a particular service accessed by a given user."
+ doc "/authorization/doc"
+ uri "/authorization"
+ contact "cyril.rohr@irisa.fr"
+end
+
+service :jobsets do
+ name "Jobsets"
+ description "Manages the creation/deletion and update of job sets."
+ uri "/jobsets"
+ doc "/jobsets/doc"
+ policies( 'GET' => {:admin_groups => "CT", :authorized_groups => SITES.join(","), :user_must_be_owner => true},
+ 'POST' => {:admin_groups => "CT", :authorized_groups => SITES.join(","), :user_must_be_owner => true},
+ 'DELETE' => {:admin_groups => "CT", :authorized_groups => SITES.join(","), :user_must_be_owner => true},
+ 'PUT' => {:admin_groups => "CT", :authorized_groups => SITES.join(","), :user_must_be_owner => true} )
+end
+
+service :statuses do
+ name "Statuses"
+ uri "/statuses"
+ doc "/statuses/doc"
+ contact "cyril.rohr@irisa.fr"
+ description "Returns the status of a given resource."
+end
+
+service :oar do
+ name "OAR"
+ uri "/oar-site"
+ doc
+ contact "bruno.bzeznik@imag.fr"
+ description
+end
\ No newline at end of file
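Review bot: The header comment makes a missing +policies+ mean delegation, so `service :authorization`, `service :statuses` and `service :oar` in this hunk cannot be told apart from a service whose policy was simply forgotten. The comment is also silent on operations that are absent from the hash: `:jobsets` lists only GET, POST, DELETE and PUT, leaving HEAD, PATCH and OPTIONS unspecified. I would state the default in the comment, for example `# An operation that is not listed in +policies+ must be refused.`, and have delegating services declare the delegation explicitly instead of by omission. How the consuming authorization service treats unlisted methods is not visible in this diff, so the wording should match what it actually enforces.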
diff --git a/generators/lib/g5k_generator.rb b/generators/lib/g5k_generator.rb index fea3fddd97c1a23b90b1e4881c5c07f901dce55f..53046e7024e732695cc8c7309dde8866cbd6ea11 100755 --- a/generators/lib/g5k_generator.rb +++ b/generators/lib/g5k_generator.rb @@ -1,4 +1,6 @@ module G5K + SITES = %w{rennes grenoble bordeaux toulouse sophia orsay nancy lille lyon} + class Tree < Hash attr_reader :contents, :path def write(repository, &block) @@ -48,14 +50,14 @@ module G5K end end -class ReferenceGenerator +class ReferenceGenerator attr_reader :data def method_missing(method, *args) @context.recursive_merge!(method.to_sym => args.first) end - %w{site cluster environment node}.each do |method| + %w{site cluster environment node service}.each do |method| define_method(method) do |uid, *options, &block| key = method.pluralize.to_sym uid = uid.to_s
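Review bot: `SITES` in the first hunk is left mutable, yet services.rb now derives every `authorized_groups` value from it through `SITES.join(",")`, so anything loaded before the input files that appends to the array changes the generated access policy. Freeze the constant: `SITES = %w{rennes grenoble bordeaux toulouse sophia orsay nancy lille lyon}.freeze`. A one-line comment that the list doubles as the set of authorised group names would also help, because the diff assumes site names and group names are identical without showing where that is guaranteed.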
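Review bot: With `service` added to the generated DSL methods in the second hunk, the `policies(...)` call in services.rb appears to be handled by the catch-all `method_missing` shown as context, which accepts any name and stores `args.first`. A misspelt `policies` would therefore be merged under the wrong key, and the service would be emitted without `policies`, which the input file's comment defines as delegating the authorization decision. Consider checking the attribute name against an allow-list at the top of `method_missing`, at least while a service is being defined, e.g. `raise NoMethodError, "unknown attribute #{method}" unless ALLOWED_ATTRIBUTES.include?(method.to_sym)`, where `ALLOWED_ATTRIBUTES` is a placeholder for a list this file would have to define. The same path is presumably what turns the bare `doc` and `description` calls of `service :oar` into `null` in oar.json. The `define_method` body continues past the end of the hunk.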