An Efficient Authorization Mechanism for Secure XML Sources on the Web
Sun-Moon Jo* and Weon-Hee Yoo**
*Department of Computer Information Technology Education, Paichai University, 439-6 Doma-2Dong, Seo-Gu, Daejeon, Korea
**Department of Computer Science and Information Engineering, Inha University, 253 Yonghyun-Dong, Nam-Gu, Incheon, Korea
XML-based access control technology aims to provide an authorization policy that can be applied consistently to various access control products on the Internet and to the different environments in which those products run, thereby providing interoperability among existing access control products of diverse environments and types. Existing access control fails to consider information structure and semantics sufficiently because of the fundamental limitations of HTML. In addition, XML document access control supports only the read action and permits only alterations of very limited value for the write action. Existing access control also has several disadvantages: the DOM tree must be loaded into memory while all XML documents are parsed to generate the DOM tree; a lot of memory is used in repeatedly searching the tree to authorize access to all nodes in the DOM tree; and the complex authorization evaluation process may lower system performance. In this paper, we present an authorization mechanism for secure XML sources on the Web.