Integrating Access Control Obligations in the Session Initiation Protocol for Pervasive Computing Environments

The widely use of advanced technologies in the sensor network and computing has facilitated the development of convenient pervasive applications in order to access information at anytime and anywhere. The traditional access control mechanisms cannot appropriately protect the access and usage of digital resources in the highly distributed and heterogeneous computing environment. In such an environment, enforcing continuously the access control policies during the access period is a challenge because traditional authorization decisions are generally made at the time of access requests but do not consider ongoing controls. Obligations are the vital part of many access control policies and they specify mandatory behavior that should be conducted by a user of the access control system in sensitive domains. Therefore, utilizing a mechanism to approve the fulfillment of the obligation is required for continuing or revoking the access decision. We leveraged the capability of Session Initiation Protocol (SIP) to manage the communication between entities in order to provide a mechanism to handle the continuous enforcement of the obligation. Meanwhile, we present several scenarios which indicate our proposed model can manage the obligatory behavior that affects the continuity of access to resources in pervasive computing environment.