A Secure Publishing Service for Digital Libraries of XML Documents
Secure publication over the Internet of XML data is becoming a crucial need as XML is rapidly becoming a standard for document representation and exchange over the Web. Publishing services must have a mechanism that ensures that a user receives all and only those portions of information he/she is entitled to access (for instance those for which the user has paid a subscription fee). Furthermore, such a mechanism must ensure that these contents are not eavesdropped during their transmission from the publishing service to the user. In this paper, we propose an architecture for secure publishing of XML documents. Distinguishing features of our proposal is the flexibility the publishing service offers both in terms of the way users can select the contents they are interested in and in the way the contents are delivered to users. Secure content delivery to users is obtained through the use of different encryption schemes, which ensure that only subscribed users can access the contents managed by the publishing service. In the paper, we first present an overall view of the proposed approach. We then introduce the components of the architecture and the encryption schemes we have developed. Finally, we present algorithms for information delivery to users.
KeywordsPublishing Service Encryption Scheme Digital Library Secure Publishing Distribution Mode
Unable to display preview. Download preview PDF.
- 1.E. Bertino, B. Carminati, E. Ferrari, B. Thuraisingham, A. Gupta. Selective and Authentic Third-party Distribution of XML Document. Tecnical Report DSI, University of Milano. Submitted for publication.Google Scholar
- 2.E. Bertino, S. Castano, E. Ferrari. Securing XML Documents: the Author-X Project Demonstration. In Proc. of the ACM SIGMOD 2001 Conference, Santa Barbara, CA, May 2001.Google Scholar
- 3.E. Bertino, S. Castano, E. Ferrari and M. Mesiti. Specifying and Enforcing Access Control Policies for XML Document Sources. World Wide Web Journal, Baltzer Science Publishers, 3(3), 2000.Google Scholar
- 4.G.C. Chick, S.E. Tavares. Flexible Access Control with Master Keys. In Proc. of the Conference on Advances in Crypology (EUROCRYPT ’89), pages 316–322, 1998.Google Scholar
- 5.C. Geuer Pollmann. The XML Security Page. http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/xmlsecurity.html
- 6.S. Halevi, and E. Petrank. Storing classified file. Available at ftp://theory.lcs.mit.edu/pub/people/shaih/classify.ps.gz
- 8.RSA Data Security Inc. http://www.rsa.com
- 9.W. Stallings. Network Security Essentials: Applications and Standars. Prentice Hall, 2000.Google Scholar
- 11.Word Wide Web Consortium. Extensible Markup Language (XML) 1.0, 1998.Google Scholar
- 12.World Wide Web Consortium (dy1999). XML Path Language (Xpath) 1.0. http://www.w3.org/TR/xpath.