Bridging the Policy Gap in Pervasive Access Control: A Semantic Web Approach Anand Dersingh 1 , Ramiro Liscano 2 , and Allan Jost 1 1 Faculty of Computer Science, Dalhousie University, Halifax NS B3H 1W5, Canada dersingh, jost@cs.dal.ca 2 Faculty of Engineering and Applied Science, University of Ontario Institute of Technology, Oshawa ON L1H 7K4, Canada rliscano@ieee.org Abstract. Access control is a means to protect unauthorized access to services. Controlling access in pervasive environments is crucial and a significant challenge. Users and devices are mobile and can connect from anywhere which results in users and resources becoming available at any point of time and location depending on the situation. Access policies for these types of situations are required to conform to high-level busi- ness agreements. In other words, there needs to be a policy system that fully understands and interprets high-level notions. In pervasive environ- ments, these high-level notions refer to contexts of the situation which can change unpredictably and must be interpreted correctly to maintain proper access control. It is necessary to have a formal representation of the context that can be shared and understood by the policy system. The policy system must also be able to change the access rights in re- sponse to a change in the situation. This paper addresses these issues by using a semantic web approach to represent domain knowledge and access control policies in a meaningful way. Key words: Semantic Web, Policy, Context-Aware, Access Control, Pervasive Computing 1 Introduction Computing is moving towards pervasive, ubiquitous environments in which de- vices, software agents, and services are all expected to seamlessly integrate and cooperate in support of human objectives - anticipating needs, negotiating for service, acting on our behalf, and delivering services in an anytime, anywhere fashion [1]. The increase in portable devices creates a situation where a user’s context, such as physical location and activities, is more dynamic. This intro- duces a new class of services called context-aware services which take the user’s context into account. In pervasive computing environments, technologies are ex- pected to remain invisible from the user’s point of view. This is why contextual information plays an important role. The idea of using contextual information