In the future, a largely invisible and ubiquitous computing infrastructure
will assist people with a variety of activities in the home and at work.
The applications that will be deployed in such systems will create and
manipulate private information and will provide access to a variety of other
resources. Securing such applications is challenging for a number of
reasons. Unlike traditional systems where access control has been explored,
access decisions may depend on the context in which requests are made. We
show how the well-developed notion of roles can be used to capture
security-relevant context of the environment in which access requests are
made. By introducing environment roles, we create a uniform access control
framework that can be used to secure context-aware applications. We also
present a security architecture that supports security policies that make
use of environment roles to control access to resources
