Communications of the IIMA


Role-based Access Control (RBAC) became popular because it can handle complicated enterprise-wide access requests, which traditional access control models such as mandatory access control and discretionary access control cannot. However, it is not suitable for a mobile environment because (i) there is no central trusted authentication entity that activates each user’s roles, (ii) there are not many roles involved in such an environment, and (iii) access control decisions depend on specific actions to be performed before the decision is taken. In this paper, we introduce a provisional authorization model with location-based predicates embedded in the policy specification languages. It includes three classes of location-based conditions: position-based, movement-based, and interaction-based conditions. As a result, users can specify their own privacy/security policies in a mobile ad-hoc environment such as mobile auction markets.