Usable access control for all

PANEL SUMMARY Managing access-control policies has traditionally been the domain of information security experts or system administrators, but is increasingly performed by individual consumers who may have no technical expertise. A variety of new applications create the need for consumers to use access control, including online social networks, online healthcare records databases, location-based mobile applications, mobile application stores, and cloud-based file shares. With these applications, data that is both personal and highly sensitive is being moved online, where it can be conveniently accessed by others. There are great benefits to be gained by making this sensitive data available to some--for example, by making an individual’s medical history available to healthcare providers---and great risks to making the data available to others---for example, making location data available to stalkers. Access-control technologies thus become the gateway to enabling applications to provide value through sharing data while keeping that data safe from those who should not be allowed to have it.