Management of access control policies for XML document sources

  • Barbara Carminati
  • Elena Ferrari
Regular contribution


The development of suitable mechanisms for securing XML documents is becoming an urgent need since XML is evolving into a standard for data representation and exchange over the Web. To answer this need, we have designed Author-X [1, 3], a Java-based system specifically conceived for the protection of XML documents. Distinguishing features of the access control model of Author-X are the support for a wide range of protection granularity levels and for subject credentials. Another key characteristic of Author-X is the enforcement of different access control strategies for document release: besides the traditional, on user demand, mode of access control, Author-X also supports push distribution, for document dissemination. Managing an access control system based on such a flexible and expressive model requires the design and implementation of suitable administration tools to help the Security Administrator in efficiently performing administrative operations related to access control policies management. In this paper, we present the strategies and related algorithms we have devised for policy management in Author-X , with particular emphasis on information push support. In the paper, besides presenting the algorithms and the related data structures, we provide a complexity study of the proposed algorithms. Additionally, we describe the implementation of the proposed algorithms in the framework of Author-X .


XML Policy Management Push distribution mode Access control 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bertino E, Castano S, Ferrari E (2001) Author-X: a comprehensive system for securing XML documents. IEEE Internet Comput 5(3):21–31 Google Scholar
  2. 2.
    Bertino E, Castano S, Ferrari E (May 2001) On specifying security policies for Web documents with an XML-based language. In: Proc. of SACMAT’2001, ACM Symposium on Access Control Models and Technologies, Fairfax, VA Google Scholar
  3. 3.
    Bertino E, Ferrari E (2002) Secure and selective dissemination of XML documents. ACM Transaction of Information System and Security, 5(3):290–331 Google Scholar
  4. 4.
    Damiani E, De Capitani di Vimercati S, Paraboschi S, Samarati P (2000) Securing XML documents. In: Proc. of the Int’l Conference on Extending Database Technology (EDBT2000), Konstanz, Germany Google Scholar
  5. 5.
    Geuer Pollmann C (2003) The XML security page.∼geuer-pollmann/xml_security.html Google Scholar
  6. 6.
    Gladney H, Lotspiech J (May 1997) Safeguarding digital library contents and users: assuring convenient security and data quality. D-lib Magazine Google Scholar
  7. 7.
    Hitchens M, Varadharajan V (2001) RBAC for XML document stores. Information and Communications Security (ICICS01), Lecture Notes in Computer Science, vol 2229. Springer, Berlin Heidelberg New York, pp 131–143 Google Scholar
  8. 8.
    Kudo M, Hada S (2000) XML document security and e-business applications. 7th ACM Conference on Computer and Communication Security, Nov. 2000 Google Scholar
  9. 9.
    Object Design Inc. (1998) An XML data server for building enterprise Web applications. White paper. Available at Google Scholar
  10. 10.
    Stallings W (2000) Network security essentials: applications and standards. Prentice Hall Google Scholar
  11. 11.
    Softlock Services Inc. Softlock. Google Scholar
  12. 12.
    Sibert O, Bernestein D, Van Die D (1995) The DigiBox: a self-protecting container for information commerce. In: Proc. First USENIX WorkShop on Electronic Commerce, New York, July, pp 11–12 Google Scholar
  13. 13.
    Winslett M, Ching N, Jones V, Slepchin I (1997) Using digital credentials on the World Wide Web. J Comput Secur, 5(3):255–267 Google Scholar
  14. 14.
    World Wide Web Consortium (1999) XML path language (Xpath), 1.0. W3C recommendation. Available at Google Scholar
  15. 15.
    World Wide Web Consortium (2001) XML query (XQuery), 1.0. W3C working draft. Available at Google Scholar
  16. 16.
    World Wide Web Consortium (1998) Extensible markup language (XML) 1.0. Available at Scholar

Copyright information

© Springer-Verlag 2003

Authors and Affiliations

  1. 1.Dipartimento di Informatica e ComunicazioneUniversita’ degli Studi di MilanoMilanoItaly
  2. 2.Dipartimento di Scienze Chimiche, Fisiche e MatematicheUniversita’ degli Studi dell’InsubriaComoItaly

Personalised recommendations