In the future, a largely invisible and ubiquitous computing infrastructure will assist people with a variety of activities in the home and at work. The applications that will be deployed in such systems will create and manipulate private information and will provide access to a variety of other resources. Securing such applications is challenging for a number of reasons. Unlike traditional systems where access control has been explored, access decisions may depend on the context in which requests are made. We show how the well-developed notion of roles can be used to capture security-relevant context of the environment in which access requests are made. By introducing environment roles, we create a uniform access control framework that can be used to secure context-aware applications. We also present a security architecture that supports security policies that make use of environment roles to control access to resources.