A Rule-Based XML Access Control Model

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2876)


Because the XML language is widely used in various application domains, a well-established mechanism for defining and enforcing security controls on specific accesses to XML documents is needed, in order to ensure that only authorized entities can perform certain actions on the protected data. The proposed rule-based, declarative approach supports the definition of (possibly implicit and complex) authorization rules on particular nodes within a document as well as the enforcement of multiple user-defined policies, specifying selected mechanisms to resolve conflicts or to apply default authorization. Moreover, being founded on both RDF and XDD theory, the developed approach yields a simple yet flexible and interchangeable XML access control model with well-defined declarative semantics.


Access Control; Resource Description Framework; Access Control Policy; Access Control Model; Path Expression
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  1. Computer Science Program, Shinawatra University, Pathumthani, Thailand
  2. Department of Social Informatics, Graduate School of Informatics, Kyoto University, Kyoto, Japan
  3. Asian Institute of Technology, Computer Science and Information Management Program, Pathumthani, Thailand
