Secure Publishing of XML Documents
Secure publication over the Internet of XML data is becoming a crucial need as XML is rapidly becoming a standard for document representation and exchange over the Web. Publishing services must have a mechanism that ensures that a user receives all and only those portions of information he/she is entitled to access (for instance those for which the user has paid a subscription fee) and that these contents are not eavesdropped during their transmission from the publishing service to the user. In this paper we present the work carried on in the area of secure XML publishing as part of the Ph.D. activity. More precisely, we describe a preliminary architecture for an XML Publisher, emphasizing the open issues to be covered.
KeywordsDigital Library Secure Publishing Access Control Policy Access Control Model Access Request
Unable to display preview. Download preview PDF.
- 1.RJ Anderson, JH Lee. Jikzi: A New Framework for Secure Publishing. Security Protocols: Proceedings of the 5th international workshop.Google Scholar
- 3.E. Bertino, B. Carminati, E. Ferrari. A Secure Publishing Service for Digital Libraries of XML Documents. Information Security Conference (ISC01), Lecture Notes in Computer Science, 2200:347–362, Malaga, Spain, 2001.Google Scholar
- 4.E. Bertino, B. Carminati, E. Ferrari, B. Thuraisingham, A. Gupta. Selective and Authentic Third-party Distribution of XML Document. Technical Report DSI, University of Milano. Submitted for publication.Google Scholar
- 5.B. Carminati, E. Ferrari. Management of Access Control Policies for XML Document Sources. Technical Report DSI, University of Milano. Submitted for publication.Google Scholar
- 6.D. Beech, M. Maloney, N. Mendelsohn, H. Thompson. XML Schema Part 1: Structures. W3C Proposed Recommendation, October 2000.Google Scholar
- 7.A. Deutsch, M. Fernandez, D. Florescu, A. Levy, and D. Suciu. A Query Language for XML. In Proc. Int’l Conference on World Wide Web, Toronto, Canada, May 1999. Available at: http://www.research.att.com/suciu.
- 8.C. Geuer Pollmann. The XML Security Page. Available at http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/xml_security. html.
- 9.H. Gladney, and J. Lotspiech. Safeguarding Digital Library Contents and Users: Assuring Convenient Security and Data Quality. D-lib Magazine, May 1997.Google Scholar
- 10.R.C. Merkle A Certified Digital Signature. In Advances in Cryptology-Crypto’ 89, 1989.Google Scholar
- 11.J. Robbie. XQL’99 Proposal, 1999. Available at http://metalab.unc.edu/xql/xql-proposal.html.
- 12.P. Katis, N. Sabadini, R.F.C. Walters. A formalization of the IWIM model. COORDINATION 2000, (Eds.) Porto, A.; Roman, G.-C., (Eds.), LNCS 1906, pages 267–283, 2000.Google Scholar
- 13.W. Stallings. Network Security Essentials: Applications and Standards. Prentice Hall, 2000.Google Scholar
- 14.Wen-Guey Tzeng. A Time-Bound Cryptographic Key Assignment Scheme for Access Control in a Hierarchy. IEEE Transactions on Knowledge and Data Engineeriing, 2001.Google Scholar
- 15.M. Winslett, N. Ching, V. Jones, I. Slepchin. Using Digital Credentials on the World Wide Web. Journal of Computer Security, 7, 1997.Google Scholar
- 16.World Wide Web Consortium. XLink XML Linking Language, 1.0, 1999. W3C Recommendation. Available at http://www.w3.org/TR/xlink/
- 17.Word Wide Web Consortium. Extensible Markup Language (XML) 1.0, 1998.Google Scholar
- 18.World Wide Web Consortium. XML Encryption Working Group, 2001. http://www.w3.org/TR/2001/CR-xmldsig-core-20010419/
- 19.World Wide Web Consortium. XML Signature, 2001. http://www.w3.org/TR/2001/CR-xmldsig-core-20010419/
- 20.World Wide Web Consortium. XML Path Language (Xpath), 1.0, 1999. W3C Recommendation. Available at http://www.w3.org/TR/xpath.
- 21.World Wide Web Consortium. XML Query (XQuery), 1.0, 2001. W3C Working Draft. Available at http://www.w3.org/TR/xquery.