Access Control to Information in Pervasive Computing Environments

Many types of information available in a pervasive computing environment, such as people location information, should not be available to just anyone. Instead, the environment should control access to it. Some properties of the information raise unique challenges for the design of an access control mechanism: Information can emanate from more than one source, it might change its nature or granularity before reaching its final receiver, and it might flow through nodes administrated by different entities. We propose three design principles for the architecture of an access control mechanism: identifying pieces of information in raw data streams early, defining policies controlling access at the information level, and exploiting information relationships for access control. We describe an example architecture in which we apply these principles. We also report how our earlier work about adding access control to a people location service contributed to the more general access control architecture proposed here.