Context-based access control addresses the need to limit access levels based on domain-specific constraints, such as the audience present, the networks utilized, the location occupied, etc.
Given two users, two resources, and access levels:
 o          .
/|\ ------> ├── file1          o
/ \ ------> ├── file2 <------ /|\
            └── file3 <------ / \
User1       Resources         User2
User1 has access to file1 and file2
User2 has access to file2 and file3
If User1 and User2 are having a conversation, they are limited to discussing file2, since the intersection of their accesses excludes file1 and file3.
This also works for grantees that aren't users:
 o          .                 .~~~~~~.
/|\ ------> ├── file1         ;      ;
/ \ ------> ├── file2 <------ ;      ;
            └── file3 <------ '~~~~~~'
User1       Resources         Office LAN
User1 has access to file1 and file2
Office LAN has access to file2 and file3
If User1 needs to access file2, it must be done from Office LAN, since only the intersection of their accesses includes file2.
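
The intersection rule from both diagrams, as an added example that is not code from the original page. GRANTS, effective_access and is_allowed are hypothetical names, the grant table is constructed from the diagrams, and the fail-closed handling of an empty context or an unknown grantee is an assumption of this sketch.

```python
# Added illustration of context-based access control by intersection.
# All names here are hypothetical; the data is constructed from the diagrams.

GRANTS = {
    "User1": {"file1", "file2"},
    "User2": {"file2", "file3"},
    "Office LAN": {"file2", "file3"},
}


def effective_access(context, grants=GRANTS):
    """Return the resources that every grantee in the context may access.

    The context is the list of grantees present: users in a conversation,
    the network in use, and so on. Assumption: the check fails closed, so
    an empty context or a grantee with no entry yields no access at all.
    """
    if not context:
        return frozenset()
    allowed = None
    for grantee in context:
        if grantee not in grants:
            return frozenset()  # unknown participant: deny everything
        granted = grants[grantee]
        allowed = set(granted) if allowed is None else allowed & granted
    return frozenset(allowed)


def is_allowed(resource, context, grants=GRANTS):
    """True only if the resource is in the intersection for this context."""
    return resource in effective_access(context, grants)


if __name__ == "__main__":
    for ctx in (["User1", "User2"], ["User1", "Office LAN"], ["User1", "Guest"]):
        print(ctx, "->", sorted(effective_access(ctx)))
```
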