Flexible Access Control Framework for MARC Records

Purpose – The goal of this paper is to propose a data access control framework that is used for editing MARC‐based bibliographic databases. In cases where the bibliographic record editing activities carried out in libraries are complex and involve many people with different skills and expertise, a way of managing the workflow and data quality is needed. Enforcing access control can contribute to these goals.Design/methodology/approach – The proposed solution for data access control enforcement is based on the well‐studied standard role‐based access control (RBAC) model. The bibliographic data, for the purpose of this system, is represented using the XML language. The software architecture of the access control system is modelled using the Unified Modelling Language (UML).Findings – The access control framework presented in this paper represents a successful application of concepts of role‐based access control to bibliographic databases. The use of XML language for bibliographic data representation provide...

[1]  Dragan Ivanovic,et al.  CERIF compatible data model based on MARC 21 format , 2011, Electron. Libr..

[2]  Dusan Surla,et al.  Modelling and implementation of catalogue cards using FreeMarker , 2009, Program.

[3]  Dusan Surla,et al.  Conversion of bibliographic records to MARC 21 format , 2009, Electron. Libr..

[4]  Makoto Murata,et al.  XML access control using static analysis , 2006, TSEC.

[5]  Dragan Ivanovic,et al.  Automated construction of the user interface for a CERIF-compliant research management system , 2011, Electron. Libr..

[6]  Elisa Bertino,et al.  Securing XML Documents with Author-X , 2001, IEEE Internet Comput..

[7]  Elisa Bertino,et al.  XML-based specification for Web services document security , 2004, Computer.

[8]  Ali Dehghantanha,et al.  A User-Centered Context-Sensitive Privacy Model in Pervasive Systems , 2010, 2010 Second International Conference on Communication Software and Networks.

[9]  Daling Wang,et al.  A Role and Context Based Access Control Model with UML , 2008, 2008 The 9th International Conference for Young Computer Scientists.

[10]  Dusan Surla,et al.  Retrieval of bibliographic records using Apache Lucene , 2010, Electron. Libr..

[11]  Elisa Bertino,et al.  Access control for XML documents and data , 2004, Inf. Secur. Tech. Rep..

[12]  Mark Strembeck,et al.  An integrated approach to engineer and enforce context constraints in RBAC environments , 2004, TSEC.

[13]  Dušan Surla,et al.  XML editor for UNIMARC and MARC 21 cataloguing , 2009, Electron. Libr..

[14]  Hervé Martin,et al.  Using Context Quality Indicators for Improving Context-Based Access Control in Pervasive Environments , 2008, 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing.

[15]  Dusan Surla,et al.  XML editor for search and retrieval of bibliographic records in the Z39.50 standard , 2009, Electron. Libr..

[16]  Elisa Bertino,et al.  Access Control in Dynamic XML-Based Web-Services with X-RBAC , 2003, ICWS.

[17]  David W. Chadwick,et al.  Multi-session Separation of Duties (MSoD) for RBAC , 2007, 2007 IEEE 23rd International Conference on Data Engineering Workshop.

[18]  Gregory D. Abowd,et al.  Securing context-aware applications using environment roles , 2001, SACMAT '01.

[19]  Jan H. P. Eloff,et al.  Separation of duties for access control enforcement in workflow environments , 2001, IBM Syst. J..

[20]  Jan H. P. Eloff,et al.  A framework for access control in workflow systems , 2001, Inf. Manag. Comput. Secur..

[21]  Dusan Surla,et al.  A library circulation system for city and special libraries , 2009, Electron. Libr..

[22]  Sabrina De Capitani di Vimercati,et al.  A fine-grained access control system for XML documents , 2002, TSEC.

[23]  Zora Konjovic,et al.  Extensible java EE-based agent framework and its application on distributed library catalogues , 2009, Comput. Sci. Inf. Syst..

[24]  Jussi Myllymaki,et al.  A function-based access control model for XML databases , 2005, CIKM '05.

[25]  Weili Han,et al.  Context-sensitive access control model and implementation , 2005, The Fifth International Conference on Computer and Information Technology (CIT'05).

[26]  Elisa Bertino,et al.  TRBAC: a temporal role-based access control model , 2000, RBAC '00.

[27]  Ernesto Damiani,et al.  Controlling Access to XML Documents , 2001, IEEE Internet Comput..

[28]  Dan Suciu,et al.  Controlling Access to Published Data Using Cryptography , 2003, VLDB.

[29]  Branko Milosavljevic,et al.  Software architecture of distributed client/server library circulation system , 2010, Electron. Libr..

[30]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[31]  Patrick Röder,et al.  History-based access control for XML documents , 2007, ASIACCS '07.

[32]  Zora Konjovic,et al.  Context-Sensitive Access Control Model for Government Services , 2012, J. Organ. Comput. Electron. Commer..

[33]  Hong Zhu,et al.  A practical mandatory access control model for XML databases , 2009, Inf. Sci..

[34]  Michiharu Kudo,et al.  XML document security based on provisional authorization , 2000, CCS.

[35]  Jason Crampton,et al.  Applying hierarchical and role-based access control to XML documents , 2004, SWS '04.

[36]  Elisa Bertino,et al.  Secure and selective dissemination of XML documents , 2002, TSEC.

[37]  Dragan Ivanovic,et al.  A CERIF data model extension for evaluation and quantitative expression of scientific research results , 2010, Scientometrics.

[38]  Dusan Surla,et al.  XML schema for UNIMARC and MARC 21 , 2010, Electron. Libr..

[39]  Yun Bai Access Control for XML Document , 2008, IEA/AIE.

[40]  Elisa Bertino,et al.  GEO-RBAC: a spatially aware RBAC , 2005, SACMAT '05.

[41]  Peng Liu,et al.  A Flexible Framework for Architecting XML Access Control Enforcement Mechanisms , 2004, Secure Data Management.

[42]  Dragan Ivanovic,et al.  A CERIF-compatible research management system based on the MARC 21 format , 2010, Program.

[43]  Zora Konjovic,et al.  Extensible Access Control Model for XML Document Collections , 2007, SECRYPT.