Abstract
XML, a self-describing and semi-structured data format, is becoming a standard to represent and exchange data between applications across the Web. XML repositories are also starting to be used either to store data or as an interoperability layer for legacy applications and data sources. The widespread use of XML highlights the need for flexible access control models for XML documents to protect sensitive and valuable information from unauthorised access. This paper presents a novel declarative access control model and elaborates how this model allows the expression of access control rules in XML. The paper further introduces the operational semantics of the model by describing the Xplorer engine which supports search-browse-navigate activities on XML repositories. Xplorer takes as inputs XML-based data schema, instance data and access control rules to auto-generate an access control-enabled Web application in accordance with these rules.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Steele, R., Gardner, W., Dillon, T.S., Erradi, A. (2005). XML-Based Declarative Access Control. In: Vojtáš, P., Bieliková, M., Charron-Bost, B., Sýkora, O. (eds) SOFSEM 2005: Theory and Practice of Computer Science. SOFSEM 2005. Lecture Notes in Computer Science, vol 3381. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30577-4_34
DOI: https://doi.org/10.1007/978-3-540-30577-4_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24302-1
Online ISBN: 978-3-540-30577-4
eBook Packages: Computer Science, Computer Science (R0)