Ubiquitous computing uses a variety of information for which access
needs to be controlled. For instance, a person's current location is a
sensitive piece of information, which only authorized entities should
be able to learn. Several challenges arise in the specification and
implementation of policies controlling access to location
information. For example, there can be multiple sources of location
information, the sources can be within different administrative
domains, different administrative domains might allow different
entities to specify policies, and policies need to be flexible. We
address these issues in our design of an access control mechanism for
a people location system. Our design encodes policies as digital
certificates. We present an example implementation based on SPKI/SDSI
certificates. Using measurements, we quantify the influence of access
control on query processing time. We also discuss trade-offs between
RSA-based and DSA-based signature schemes for digital certificates.