Databases Reference
In-Depth Information
dentials, are sufficient to decide which actions the requester is authorized to
perform on resources [11]. However, the requester's credentials are not the only
information that should be considered in access control decisions. The rapid
development in the field of wireless and mobile networking fostered a new
generation of devices suitable for being used as sensors by location technologies,
which are able to compute the relative position and movement of users in their
environment. Therefore, the location of users, potentially available to access
control modules, may also play an important role in determining access rights
and allows the definition of a new class of location-based policies regulating
access to and use of resources. When evaluating location-based access
control policies, however, we need to consider that location-based information
presents some peculiarities: location information is both approximate (all
location systems have a margin of error) and time-variant (the user position
changes over time due to the on-going motion of requesters).
Location-based Access Control (LBAC) systems provide the infrastructure
for managing and evaluating access control policies that include predicates and
conditions based on the location information of users. LBAC systems should
be designed to tolerate rapid context changes, because users are no longer
forced to be at pre-defined fixed positions but they can freely access services
through their mobile devices (e.g., mobile phones).
2.1 Location-based Conditions and Predicates
The first step towards the development of an LBAC system consists in the
definition of location-based conditions. We identify three main classes of
location-based conditions, which might be useful to include in access control
policies and whose evaluation is possible with today's technology [10]:
- position-based conditions on the location of the user (e.g., to evaluate
  whether a user is in a certain building or city or in the proximity of other
  entities);
- movement-based conditions on the mobility of the users (e.g., velocity,
  acceleration, or direction where users are headed);
- interaction-based conditions relating multiple users or entities (e.g., the
  number of users within a given area).
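The three classes of conditions, evaluated over approximate and time-variant location fixes, as an added example that is not part of the original text and not the language of [10]. The names `Fix`, `Region`, `in_area`, `speed`, `density`, `decide`, the thresholds and the sample data are assumptions made for illustration.

```python
from collections import namedtuple
from math import hypot

# uid; x, y in metres (local planar coordinates); err = uncertainty radius (m); t in seconds
Fix = namedtuple("Fix", "uid x y err t")
# geometric model of a map region: a range in 2-D coordinate space
Region = namedtuple("Region", "x0 y0 x1 y1")
MAX_AGE = 30.0  # assumed freshness bound in seconds; older fixes are not trusted

def in_area(fix, r, now):
    """Position-based. True/False only when the error disc decides it, else None."""
    if now - fix.t > MAX_AGE:
        return None   # time-variant: a stale fix proves nothing
    dx = max(r.x0 - fix.x, 0.0, fix.x - r.x1)   # distance to the rectangle, 0 inside
    dy = max(r.y0 - fix.y, 0.0, fix.y - r.y1)
    if hypot(dx, dy) > fix.err:
        return False  # the whole error disc lies outside the region
    margin = min(fix.x - r.x0, r.x1 - fix.x, fix.y - r.y0, r.y1 - fix.y)
    return True if margin >= fix.err else None  # None: disc straddles the boundary

def speed(prev, cur):
    """Movement-based. Estimated speed in m/s, None if the fixes are not ordered."""
    dt = cur.t - prev.t
    return hypot(cur.x - prev.x, cur.y - prev.y) / dt if dt > 0 else None

def density(fixes, r, now):
    """Interaction-based. Upper bound: users that cannot be ruled out of the region."""
    return sum(in_area(f, r, now) is not False for f in fixes)

def decide(uid, history, r, now, max_speed=2.0, max_present=3):
    """Grant only if every condition is decided in favour; unknown (None) denies."""
    prev, cur = history[uid][-2:]
    v = speed(prev, cur)
    latest = [h[-1] for h in history.values()]
    return (in_area(cur, r, now) is True and v is not None and v <= max_speed
            and density(latest, r, now) <= max_present)

# Constructed sample data: one room and two fixes per UID.
ROOM = Region(0, 0, 20, 10)
HISTORY = {
    "uid-alice": [Fix("uid-alice", 9, 5, 3, 90), Fix("uid-alice", 10, 5, 3, 100)],
    "uid-bob":   [Fix("uid-bob", 18, 5, 3, 90), Fix("uid-bob", 19, 5, 3, 100)],
    "uid-carol": [Fix("uid-carol", 40, 5, 3, 50), Fix("uid-carol", 10, 5, 3, 60)],
}
```

At time 105 only `uid-alice` is granted: `uid-bob` sits too close to the wall for the 3 m error margin to confirm he is inside, and `uid-carol`'s last fix is stale.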
The language presented in [10] supports such conditions and is based on
the assumption that each user, who is unknown to the service responsible
for location measurements, is univocally identified via a user identifier (UID).
A unique identifier is also associated with physical and/or moving entities
that may need to be located (e.g., a vehicle with an on-board GPRS card).
A typical UID for location-based applications is the SIM number linking the
user's identity to a mobile terminal. Moreover, the language is also based
on the assumption that there is a set of map regions identified either via
a geometric model (i.e., a range in an n-dimensional coordinate space) or a