Evidence-Based Access Control for Ubiquitous Web Services

We focus on using evidence for making access control deci- sions in ubiquitous computing environments. These environ- ments create new interaction scenarios that traditional access control approaches handle poorly. Our approach views ac- cess control as the filtering of messages between communi- cating services. Services are known only by name, and each service makes access control decisions based on local poli- cies and evidence it gathers about other services. We imple- ment our evidence-based approach with a mechanism anal- ogous to a network firewall, filtering messages going to and from a service. Our evidence-based firewall is responsible for managing evidence, laying a foundation for extensions to it that gather, trade, and evolve evidence over time. This organization leads to an ecosystem of evidence providers that evolve as technology and markets develop. We describe the design of our evidence-based access model, discuss us- age scenarios, and present preliminary results. The results suggest that this approach is flexible enough to accommo- date interesting ubiquitous computing scenarios and efficient enough to implement on small devices.1