The progressive miniaturization of computer-based devices and the ability to monitor an environment or perform demanding autonomous tasks revolutionize the way we live, learn and work today and in the future. Cyber-physical systems with the ability to communicate in various types form the Internet of Things (IoT). IoT is a paradigm which is already today used as a backbone technology in different application domains, for example, in Industry 4.0 or Smart Home. In order to prevent unauthorized access to resources on devices, the permissions of the requesting agent have to be checked. Centralized access control is one strategy for this task, but it prevents direct communication from device to device as desired in IoT. This paper describes the today’s IoT environments by example, shows up the problems establishing access control in such environments and outlines a solution. It introduces a distributed access control approach that works close to IoT devices with often unused computational power and that enables direct communication from device to device as desired in IoT.