Authorisation in context: Incorporating context-sensitivity into an access control framework

With sensitive information about ourselves now distributed across personal devices, people need to make access control decisions for different contexts of use. However, despite advances in improving the usability of access control for both developers and users, we still lack insights about how the intentions behind policy decisions in different contexts of use are shaped. In this paper, we describe how context was incorporated into an access control framework using a study of how context influences access control decision making. We describe how the main recommendations arising from this study were used to build context into a policy editor for this access control framework