This paper presents an context based access control model based on
Organization based access control.
Or-BAC allows one to specify access control for an organization. In Or BAC
there are 3 relations: Empower between organizations, subjects and roles.
Use between organizations, objects and views and consider between
organizations, actions and activities.  Rules are one of 3 types:
Permission, obligation, and prohibition. A rule is defined as a set of
conditions on the subject, the action and the object. 
The authors define a extension to this concept that allows contexts to be
specified. The authors define 5 different kinds of contexts.
Temporal context allows rules to based on time
Spatial context allows rules to based on the origin location of a request
User declared context allows a rule to be based on a subject's purpose
Provisional contexts allow rules to enforce something to have happened
before this is activates
Prerequisite contexts allow rules to be specified based on actions
previously performed in the system

Pros:
- integrating context into access control policy
- Health care policies
- Trying to provide an organization based thing of doing thing
- Interoperability between domains
- Groups actions and objects
- Different types of contexts
- Easier and more manageable

Cons
- Not clear how Org effects the model and how different organizations
- Context Taxonomy 
- User defined and provisional 
- What use can come for user declared contexts
- No implementations

Reject - 4
Accept - 7