As a result, the privilege is embedded into an authorization token which is delivered to the subject. Then, in the second phase, during the token proving stage, such a user tries to get access a specific IoT Service. For this purpose, she sends a request, in which the token and the magnetic field values obtained from our indoor location enabler are attached, as described in [13].