Master theses

Trust Envelopes for Context-Aware Data Authorisation

Promotors: Beatriz Esteves

Main contact: Beatriz Esteves

Problem

In recent years, increasing volumes of personal and sensitive data have been exchanged across Web-based systems and data ecosystems, raising important challenges related to data governance, trust, and regulatory compliance. To address these challenges, modern data-sharing architectures increasingly rely on policy-based access control mechanisms, which specify which actors are allowed to perform certain actions on particular resources. While such mechanisms provide an important foundation for regulating access to data, they typically focus on the moment at which access is granted: they do not sufficiently address how data may be used after access has been obtained, nor the broader legal, contextual, and trust-related conditions that govern responsible data sharing.

To overcome these limitations, usage control has emerged as an extension of traditional access control. Usage control enables policies that regulate not only access to data but also the conditions under which data may be used, reused, or processed over time (for example, a permitted purpose, a validity period, or a prohibition on onward sharing). Implementing such mechanisms requires policy languages capable of expressing these constraints, as well as authorisation infrastructures that can enforce and monitor the policies throughout the data lifecycle.

At the same time, trustworthy data exchange on the Web requires mechanisms that go beyond policy enforcement alone. Data sharing must be accompanied by machine-readable metadata describing the legal, contextual, and trust-related properties of the data, so that systems can determine the intended use, provenance, and applicable constraints of a data resource. One promising approach to such enriched data governance is the concept of trust envelopes, which encapsulate data together with metadata describing its permitted uses, origin, and associated legal conditions, so that the conditions travel with the data rather than being consulted only at the access point.

This thesis explores how capabilities supporting trust envelopes and policy-aware usage control can be implemented within Web-based authorisation infrastructures. In particular, it investigates mechanisms for associating data resources with contextual and legal metadata and for integrating this information into authorisation and usage control decisions. By enabling systems to reason about both policy constraints and the broader trust context of a data exchange, the proposed approach contributes to trustworthy, policy-aware Web infrastructures that support scalable, transparent, and legally aligned data sharing.
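To make the difference between access control and usage control concrete, the following Python sketch is an added example, not code from the thesis proposal or from any existing trust-envelope implementation. It assumes a hypothetical envelope schema (a payload, metadata with `provenance`, `legal_basis`, `permitted_uses`, `prohibitions`, `valid_until` and `max_uses`, and a MAC binding payload to metadata) and a hypothetical request shape; the sample envelope, key and requests are constructed for the demonstration. The decision function checks integrity, temporal validity, prohibitions, a purpose-bound permission and a usage quota, and records each permitted use so that later decisions can depend on earlier ones.

```python
"""Toy trust-envelope usage-control evaluator (illustrative example, hypothetical schema)."""
import hashlib
import hmac
import json
from dataclasses import dataclass
from datetime import datetime, timezone

KEY = b"constructed-demo-key"  # constructed shared key; a real deployment would sign envelopes


def _canonical(obj) -> bytes:
    """Deterministic JSON encoding so the MAC covers a stable byte string."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def seal(payload: dict, metadata: dict, key: bytes) -> dict:
    """Build an envelope: payload + governance metadata + a MAC binding the two together."""
    tag = hmac.new(key, _canonical({"data": payload, "meta": metadata}), hashlib.sha256).hexdigest()
    return {"data": payload, "meta": metadata, "mac": tag}


def verify_seal(envelope: dict, key: bytes) -> bool:
    """Reject envelopes whose payload or metadata was altered after sealing."""
    expected = hmac.new(key, _canonical({"data": envelope["data"], "meta": envelope["meta"]}),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["mac"])


@dataclass
class Request:
    actor: str      # role of the requesting party (hypothetical role vocabulary)
    action: str
    purpose: str
    at: datetime    # time-zone aware timestamp of the attempted use


@dataclass
class Decision:
    allowed: bool
    reasons: list


def decide(envelope: dict, req: Request, key: bytes, usage_log: list) -> Decision:
    """Usage-control decision: integrity, validity window, prohibitions, permission, quota."""
    if not verify_seal(envelope, key):
        return Decision(False, ["envelope integrity check failed"])
    meta = envelope["meta"]
    reasons = []
    if req.at > datetime.fromisoformat(meta["valid_until"]):
        reasons.append("envelope expired")
    if any(p["action"] == req.action for p in meta["prohibitions"]):
        reasons.append(f"action {req.action!r} is prohibited")
    if not any(p["actor"] == req.actor and p["action"] == req.action and p["purpose"] == req.purpose
               for p in meta["permitted_uses"]):
        reasons.append("no permission matches actor, action and purpose")
    # Usage control proper: the decision depends on what this actor already did with the data.
    prior = sum(1 for e in usage_log if e["actor"] == req.actor and e["action"] == req.action)
    if prior >= meta.get("max_uses", float("inf")):
        reasons.append("usage quota exhausted")
    if reasons:
        return Decision(False, reasons)
    usage_log.append({"actor": req.actor, "action": req.action,
                      "purpose": req.purpose, "at": req.at.isoformat()})
    return Decision(True, ["permitted; use recorded"])


def demo() -> dict:
    """Run constructed scenarios; returns scenario name -> allowed flag."""
    metadata = {  # constructed governance metadata
        "provenance": {"origin": "clinic-a", "issued": "2024-05-01T00:00:00+00:00"},
        "legal_basis": "consent",
        "permitted_uses": [{"actor": "researcher", "action": "analyse", "purpose": "diabetes-research"}],
        "prohibitions": [{"action": "redistribute"}],
        "valid_until": "2025-05-01T00:00:00+00:00",
        "max_uses": 2,
    }
    envelope = seal({"patient_id": "p-0001", "hba1c": 6.8}, metadata, KEY)  # constructed payload
    t = datetime(2024, 6, 1, tzinfo=timezone.utc)
    log: list = []
    out = {}
    out["permitted_analysis"] = decide(envelope, Request("researcher", "analyse", "diabetes-research", t), KEY, log).allowed
    out["wrong_purpose"] = decide(envelope, Request("researcher", "analyse", "marketing", t), KEY, log).allowed
    out["redistribution"] = decide(envelope, Request("researcher", "redistribute", "diabetes-research", t), KEY, log).allowed
    out["second_use"] = decide(envelope, Request("researcher", "analyse", "diabetes-research", t), KEY, log).allowed
    out["over_quota"] = decide(envelope, Request("researcher", "analyse", "diabetes-research", t), KEY, log).allowed
    out["expired"] = decide(envelope, Request("researcher", "analyse", "diabetes-research",
                                              datetime(2026, 1, 1, tzinfo=timezone.utc)), KEY, log).allowed
    tampered = dict(envelope, data={"patient_id": "p-0001", "hba1c": 9.9})
    out["tampered"] = decide(tampered, Request("researcher", "analyse", "diabetes-research", t), KEY, log).allowed
    return out


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:20s} -> {'ALLOW' if allowed else 'DENY'}")
```

The MAC is only there to show why an envelope must bind payload and metadata: if the two can be separated, the metadata can be swapped for a more permissive copy. The quota check is the part a plain access-control gate cannot express, because it needs state accumulated after the first access.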

Goal

  1. Extend the trust envelopes model so that it can carry the contextual and legal metadata needed for usage control decisions
  2. Develop software that implements the extended model within a Web-based authorisation infrastructure