The first challenge that we tackle in this paper is how to conduct access control in ubiquitous environments where sites have to handle access requests from their own users as well as unknown users from foreign sites. We present a solution based on trust propagation. A recommendation from one site to another about the trustworthiness of an entity is the basis of trust propagation. An issue that we identify with this technique is that since the perception of trustworthiness is subjective, the meaning of a trust recommendation from one site to another may get misinterpreted. The result of such misinterpretations would be inaccurate trust propagation and hence inaccurate access control. Thus the second challenge that we address is how to use trust propagation without the negative effect of subjectivity. We use a method for eliminating subjectivity from trust recommendations which relies on the notion of percentiles. We illustrate the problem and the advantage of our access control model ...