Context-Dependent Access Control for Contextual Information

Following Mark Weiser´s vision of ubiquitous computing and calm technology, computer systems should run in the background, preferably without the user noticing it at all. The gathering and disclosure of contextual information on the one hand enables the improvement of system behaviour towards a more autonomous and adaptive behaviour but on the other hand raises privacy issues by disclosing personal data. Thus, a major challenge in ubiquitous computing environments is achieving a good balance between convenience and control over personal data. In this paper we describe an access control mechanism for context data that enables the user to control his personal data in a convenient and non-intrusive way. The approach is based on existing role-based access control mechanisms but extends them as follows. Firstly, our approach is owner-centric, i.e. it is under control of each user, to whom his context is propagated throughout the system. Secondly, our approach does not only control the access to context data but also utilizes context information to simplify the management of these control mechanisms to make the handling of access control more convenient to the user. And thirdly, it introduces individual roles for each user and thus replaces the centrally defined role model of common role-based access control by distinct models for each user. We have validated our approach based on an extended instant messaging system called Adaptive Multimedia Messenger, providing varying buddy information dependent on the access permission of the requesting user