Towards semantics-aware access control