Context-sensitive authorization in interaction patterns

摘要

Main requirement of recent computing environments, like mobile and then ubiquitous computing, is to adapt applications to context. On the other hand, access control generally trust users once they have authenticated, despite the fact that they may reach unauthorized situations. We analyse how dynamic information can be used to improve security in the authorization process, and what are the implications when applied to interaction patterns. We experiment and validate our approach using context as an authorization factor for eventing in Web service for device (like UPnP or DPWS).