In a pervasive computing environment, context plays an important role. Services are provided in a smart way based on the surrounding conditions (i.e., contextual attributes). From a security perspective, security services such as access control have to reflect this fact and be context-aware. With that in mind, consider the following scenario:

Alice, a security researcher, thinks that the role-based access control(RBAC) model, along with all traditional access control models, is not suitable. Bob thinks the opposite. Bob thinks RBAC, for instance, could be used to grant/deny permissions in such an environment.

For this Discussion, you will consider the current access control models you have seen so far and align yourself with either Alice or Bob.

 

To complete this Discussion:

 

Post: Take a position in which you agree with either Alice or Bob as described in the example, or if you are somewhere in between. Evaluate the suitability of role-based access control(RBAC) for accommodating contextual information in the access control decision-making process. Identify and describe any obstacles, and explain your solutions for them. Given the access policy, evaluate whether or not Extensible Access Control Markup Language (XACML) could be used to express the contextual attributes.