Abstract
In this paper, our objective is to define a security model for regulating access to XML documents. Our model offers a security policy with great expressive power. An XML document is represented by a tree. The nodes of this tree are of different types (element, attribute, text, comment, etc.). The smallest protection granularity of our model is the node; that is, authorisation rules granting or denying access to a single node can be defined. The authorisation rules related to a specific XML document are first defined on a separate Authorisation sheet. This Authorisation sheet is then translated into an XSLT sheet. When a user requests access to the XML document, the XSLT processor uses the XSLT sheet to provide the user with a view of the XML document which is compatible with his rights.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35587-0_24
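The translation step described in the abstract (Authorisation sheet to XSLT sheet) can be sketched as follows. This is an added example, not code from the chapter: the rule format, the subject names, the "later rule wins" conflict policy and the open default are assumptions, since the abstract does not give the paper's own syntax.

```python
import xml.etree.ElementTree as ET

XSL = "http://www.w3.org/1999/XSL/Transform"
ET.register_namespace("xsl", XSL)

# Constructed authorisation sheet (hypothetical format): subject, sign, and an
# XSLT match pattern naming element, attribute, text or comment nodes.
SHEET = [
    ("staff", "-", "patient/diagnosis"),
    ("staff", "-", "patient/@ssn"),
    ("staff", "-", "comment()"),
    ("doctor", "+", "patient/diagnosis"),
]

def build_xslt(sheet, subjects):
    """Translate the rules that apply to `subjects` into an XSLT 1.0 sheet."""
    root = ET.Element(f"{{{XSL}}}stylesheet", {"version": "1.0"})

    def template(match, priority, grant):
        t = ET.SubElement(root, f"{{{XSL}}}template",
                          {"match": match, "priority": str(priority)})
        if grant:  # copy the node, then let the rules decide on its children
            copy = ET.SubElement(t, f"{{{XSL}}}copy")
            ET.SubElement(copy, f"{{{XSL}}}apply-templates",
                          {"select": "@*|node()"})
        # A deny rule leaves the template empty: the node and, for an element,
        # its whole subtree are absent from the view.

    template("@*|node()", 0, True)  # assumed default: unlisted nodes are visible
    for position, (subject, sign, pattern) in enumerate(sheet, start=1):
        if sign not in ("+", "-"):
            raise ValueError(f"rule {position}: sign must be '+' or '-'")
        if subject in subjects:
            # Assumed conflict policy: the later rule wins (higher priority).
            template(pattern, position, sign == "+")
    # Serialising through ElementTree escapes the pattern, so a rule cannot
    # break out of the match attribute and inject extra templates.
    return ET.tostring(root, encoding="unicode")

def summarise(xslt_text):
    """Return (match, priority, grants) per template, for reviewing a sheet."""
    root = ET.fromstring(xslt_text)
    return [(t.get("match"), int(t.get("priority")), len(t) > 0)
            for t in root.findall(f"{{{XSL}}}template")]

if __name__ == "__main__":
    print(build_xslt(SHEET, {"staff", "doctor"}))
```

Feeding the generated sheet and the XML document to any XSLT 1.0 processor yields the user's view; because a denied element is never descended into, a later grant on one of its descendants has no effect under these assumptions.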
Copyright information
© 2002 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Gabillon, A., Bruno, E. (2002). Regulating Access to XML Documents. In: Olivier, M.S., Spooner, D.L. (eds) Database and Application Security XV. IFIP — The International Federation for Information Processing, vol 87. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35587-0_21
DOI: https://doi.org/10.1007/978-0-387-35587-0_21
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-1028-1
Online ISBN: 978-0-387-35587-0
eBook Packages: Springer Book Archive