Towards an Integrated Embedded Fine-Grained Information Protection Framework

To protect the security and privacy of sensitive digital information, it is often necessary to employ a variety of security mechanisms such as encryption, integrity control, authentication, and access control. This paper describes a framework that extends the eXtensible Access Control Markup Language (XACML) for use as a container, embedding the access control policy together with the digital content in the same XACML document. The digital content can be further divided into multiple parts, each of which is encapsulated by its own access control policy. This integrated policy-and-content document is further protected using the XML Encryption (XML-ENC) and XML Signature (XML-DSIG) mechanisms, together with the XML Key Management Specification (XKMS) for leveraging a Public Key Infrastructure (PKI), all in support of the embedded and fine-grained structure. The framework and its associated security mechanisms are designed primarily to facilitate the protection and sharing of sensitive information in transit and at rest, within and across organizational boundaries. This paper also describes a prototype implementation of the framework, built for feasibility study purposes.
