In distributed computing environments, users' privileges should be in synch with their current contexts in the enterprise: at any given time, the least privilege needed to accomplish a task should be assigned to a user. A conventional identity-based access control mechanism can suffice for applications accessed by a limited number of users with stable privilege assignments. However, the identity-based approaches are not scalable enough for distributed computing environments which support many users from different organizations.
Furthermore, access control methods known in the art use predefined sets of rules to make static access control decisions: once a set of privileges is assigned to a user, the user is typically allowed to use those privileges in different contexts within the enterprise. Thus, the known methods do not take into consideration the user's context change, but rather make access control decisions based upon the user's privileges upon log-on.
Thus, a need exists to provide an access control method to deal with core challenges in terms of context awareness, fine granularity, and scalability.