Protecting XML documents

The World Wide Web (Web) has become the main information dissemination means in private and public organizations. As a consequence, several applications at both at Internet, and intranet levels need mechanisms supporting a selective access to data available over the Web. In this context, developing an access control model system for data and documents encoded according to XML (eXtensible Markup Language) is an important step. XML has recently emerged as the most relevant standardization effort in the area of document representation through markup languages. Its goal is to provide a language for encoding documents that is easier to learn and use than SGML and semantically richer than HTML. Because XML documents can contain information at different degrees of sensitivity, there is a strong need for models and mechanisms enabling the specification and enforcement of access control policies. In general, an access control policy states which subjects can access which objects under which mode within a given organization. Once access control policies are stated, they are implemented by an access control mechanism. It is worth noting that even though access control does not address all issues related with XML document protection, such as integrity and copyright protection, it is a relevant component of any system aiming at ensuring document protection in open distributed environments.