Design and implementation of an access control processor for XML documents

Abstract More and more information is distributed in XML format, both on corporate Intranets and on the global Net. In this paper an Access Control System for XML is described allowing for definition and enforcement of access restrictions directly on the structure and content of XML documents, thus providing a simple and effective way for users to protect information at the same granularity level provided by the language itself.

[1]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[2]  Elisa Bertino,et al.  A unified framework for enforcing multiple access control policies , 1997, SIGMOD '97.

[3]  Nicholas Bohm,et al.  Digital Signatures, Certificates and Electronic Commerce , 1999 .

[4]  Teresa F. Lunt,et al.  Access Control Policies for Database Systems , 1988, DBSec.

[5]  Ernesto Damiani,et al.  Securing XML Documents , 2000, EDBT.

[6]  José Kahan WDAI: A Simple World Wide Web Distributed Authorization Infrastructure , 1999, Comput. Networks.

[7]  Roy T. Fielding,et al.  Uniform Resource Identifiers (URI): Generic Syntax , 1998, RFC.

[8]  Elisa Bertino,et al.  An Authorization Model for a Distributed Hypertext System , 1996, IEEE Trans. Knowl. Data Eng..

[9]  Morris Sloman,et al.  Policies Hierarchies for Distributed Systems Management , 1993, IEEE J. Sel. Areas Commun..

[10]  Letizia Tanca,et al.  XML-GL: A Graphical Language for Querying and Restructuring XML Documents , 1999, SEBD.

[11]  Silvana Castano,et al.  Database Security , 1997, IFIP Advances in Information and Communication Technology.

[12]  Mary Ellen Zurko,et al.  A user-centered, modular authorization service built on an RBAC foundation , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).