Context-Based Access Control

December 13, 2016

Context-based access control addresses the need to limit access levels based on domain-specific constraints, such as the audience present, the networks utilized, the location occupied, etc.

Given two users, two resources, and access levels:

  O          .                  O
 -+- ------> ├── file1         -+-
  |  ------> ├── file2 <------  |
 / \         └── file3 <------ / \

User1        Resources        User2

If User1 and User2 are having a conversation, they are limited to discussing file2, since the intersection of their accesses excludes file1 and file3.

This also works for grantees that aren’t users:

  O          .                 .~~~~~~.
 -+- ------> ├── file1         ;      ;
  |  ------> ├── file2 <------ ;      ;
 / \         └── file3 <------ '~~~~~~'

User1        Resources        Office LAN

If User1 needs to access file2, it must be done from Office LAN, since only the intersection of their accesses includes file2.
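The two scenarios above can be expressed as a set intersection over every grantee present in a context. This is an added example, not code from the original post. The names `GRANTS`, `effective_access` and `is_allowed`, the "Guest WiFi" network, and the fail-closed handling of unknown grantees are assumptions.

```python
from __future__ import annotations

from typing import Iterable

# Grants per grantee, mirroring the diagrams above. A grantee may be a
# user, a network, a location, etc. (table name is an assumption).
GRANTS: dict[str, frozenset[str]] = {
    "User1": frozenset({"file1", "file2"}),
    "User2": frozenset({"file2", "file3"}),
    "Office LAN": frozenset({"file2", "file3"}),
}


def effective_access(context: Iterable[str]) -> frozenset[str]:
    """Return the resources that every grantee in the context may access.

    Fails closed: an empty context, or a grantee with no recorded grants,
    yields no access, so an unrecognised participant or network can only
    narrow what is reachable, never widen it.
    """
    grantees = list(context)
    if not grantees:
        return frozenset()
    allowed: frozenset[str] | None = None
    for grantee in grantees:
        grants = GRANTS.get(grantee, frozenset())  # unknown grantee -> nothing
        allowed = grants if allowed is None else allowed & grants
    return allowed if allowed is not None else frozenset()


def is_allowed(resource: str, context: Iterable[str]) -> bool:
    """Decide one request: the resource must lie in the context's intersection."""
    return resource in effective_access(context)


if __name__ == "__main__":
    # Conversation between User1 and User2.
    print(sorted(effective_access(["User1", "User2"])))
    # User1 working from Office LAN.
    print(sorted(effective_access(["User1", "Office LAN"])))
    # file1 is granted to User1 but not to Office LAN.
    print(is_allowed("file1", ["User1", "Office LAN"]))
    # "Guest WiFi" is a constructed, unlisted network: nothing is reachable.
    print(is_allowed("file2", ["User1", "Guest WiFi"]))
```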