: Stevens, G.; Wulf, V.

Abstract
Traditionally, access control is understood as a purely technical mechanism which rejects or accepts access attempts automatically according to a specific preconfiguration. However, such a perspective neglects the practices of access control and the embeddedness of technical mechanisms within situated action. In this article, we reconceptualize the issue of access control on a theoretical, methodological, and practical level. On a theoretical level, we develop a terminology to distinguish between access control practices and the technical support mechanisms. We coin the term Computer Supported Access Control (CSAC) to emphasize this perspective. On a methodological level, we discuss empirical investigations of access control behavior from a situated action perspective. We discovered a differentiated set of social practices around traditional access control systems. By applying these findings to a practical level, we enhance the design space of computer supported access controlmechanisms by suggesting a matrix of technical mechanisms which go beyond an ex-ante configuration.