An Efficient Authorization Mechanism for Secure XML Sources on the  Web

Sun-Moon Jo; Weon-Hee Yoo

doi:10.20965/jaciii.2006.p0721

single-jc.php

« previous

JACIII Vol.10 No.5 pp. 721-727

doi: 10.20965/jaciii.2006.p0721

(2006)

Paper:

Views over last 60 days: 680

An Efficient Authorization Mechanism for Secure XML Sources on the Web

Sun-Moon Jo^* and Weon-Hee Yoo^**

^*Department of Computer Information Technology Education, Paichai University, 439-6 Doma-2Dong, Seo-Gu, Daejeon, Korea

^**Department of Computer Science and Information Engineering, Inha University, 253 Yonghyun-Dong, Nam-Gu, Incheon, Korea

Received:

October 28, 2005

Accepted:

March 17, 2006

Published:

September 20, 2006

Keywords:

XML document, authorization rule, XML security, subject, object

Abstract

XML-based access control technology aims at providing an authorization policy that can be consistently applied to various products for access control services on Internet and different kinds of environment for the products and thus providing interoperability to the existing access control products with diverse kinds of environment and types. The existing access control fails to consider information structure and semantics sufficiently due to the fundamental limitations of HTML. In addition, XML document access control supplies only action read and permits alterations of very limited value for action write. The existing access control has disadvantages that DOM tree should be loaded on memory while all XML documents are parsed to generate DOM tree; that a lot of memory is used in repetitive search for tree to authorize access to all nodes in DOM tree; and that the complex authorization evaluation process may lower system performance. In this paper, we present an authorization mechanism for secure XML sources on the Web.

Cite this article as:

S. Jo and W. Yoo, “An Efficient Authorization Mechanism for Secure XML Sources on the Web,” J. Adv. Comput. Intell. Intell. Inform., Vol.10 No.5, pp. 721-727, 2006.

Data files:

References

[1] A. Gabillon and E. Bruno, “Regulating Access to XML Documents,” In Proc. IFIP WG11.3 Working Conference on Database Security, 2001.
[2] T. Bray, J. Paoli, C. M. Sperberg-McQueen, and E. Maler, “Extensible Markup Language (XML^TM),” 2000.
http://www.w3.org/XML/
[3] Document Object Model (DOM),
Available at http://www.w3.org/DOM/
[4] E. Bertino, S. Castano, E. Ferrari, and M. Mesiti, “Specifying and Enforcing Access Control Policies for XML Document Sources,” WWW Journal, Baltzer Science Publishers, Vol.3, No.3, 2000.
[5] E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, and P. Samarati, “Securing XML documents,” in Proc. Of the 2000 International Conference on Extending Database Technology (EDBT2000), Konstanz, Germany, March 27-31, 2000.
[6] E. Damiani, S. Vimercati, S. Paraboschi, and P. Samarati, “Design and implementation of an access control processor for xml documents,” In proceedings of the 9th International WWW Conference, Amsterdam, May, 2000.
[7] IBM Tokyo Lab, “XML Access Control Language,” 2000.
http://www.tr.ibm.com/projects/xml/xacl/xacl-spec.html
[8] M. Kudo and S. Hada, “XML Document Security based on Provisional Authorization,” CSS 2000, Athens, Greece.
[9] OASIS, “OASIS extensible Access Control Markup Language Working Draft 14,” Jun., 2002.
http://www.oasis-open.org/ommittess/xacml/docs/
[10] OASIS-XACMLTC, “OASIS eXtensible Access Control Markup Language,” Working Draft 15, July 12, 2002.
http://www.oasis-open.org/committes/xacml/repository/draftxacml-schema-policy-15.doc
[11] Simple API for XML,
http://www.megginso.com/SAX
[12] Sun’s XACML Implementation,
http://sunxacml.soureefore.net/
[13] T. Bray, J. Paoli, and C. M. Sperberg-Mc-Gueen, “Extensible Markup Language (XML) 1.0,” 1998.
http://www.w3g.org/TR/REC-xml#dt-xml-doc
[14] World Wide Web Consortium (W3C), “XML Path Language (XPath) Version 1.0,” October, 1999.
http://www.w3.org/TR/PR-XPath 19991008

This article is published under a Creative Commons Attribution-NoDerivatives 4.0 Internationa License.

[1] [1] A. Gabillon and E. Bruno, “Regulating Access to XML Documents,” In Proc. IFIP WG11.3 Working Conference on Database Security, 2001.

[2] [2] T. Bray, J. Paoli, C. M. Sperberg-McQueen, and E. Maler, “Extensible Markup Language (XML^TM),” 2000.
http://www.w3.org/XML/

[3] [3] Document Object Model (DOM),
Available at http://www.w3.org/DOM/

[4] [4] E. Bertino, S. Castano, E. Ferrari, and M. Mesiti, “Specifying and Enforcing Access Control Policies for XML Document Sources,” WWW Journal, Baltzer Science Publishers, Vol.3, No.3, 2000.

[5] [5] E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, and P. Samarati, “Securing XML documents,” in Proc. Of the 2000 International Conference on Extending Database Technology (EDBT2000), Konstanz, Germany, March 27-31, 2000.

[6] [6] E. Damiani, S. Vimercati, S. Paraboschi, and P. Samarati, “Design and implementation of an access control processor for xml documents,” In proceedings of the 9th International WWW Conference, Amsterdam, May, 2000.

[7] [7] IBM Tokyo Lab, “XML Access Control Language,” 2000.
http://www.tr.ibm.com/projects/xml/xacl/xacl-spec.html

[8] [8] M. Kudo and S. Hada, “XML Document Security based on Provisional Authorization,” CSS 2000, Athens, Greece.

[9] [9] OASIS, “OASIS extensible Access Control Markup Language Working Draft 14,” Jun., 2002.
http://www.oasis-open.org/ommittess/xacml/docs/

[10] [10] OASIS-XACMLTC, “OASIS eXtensible Access Control Markup Language,” Working Draft 15, July 12, 2002.
http://www.oasis-open.org/committes/xacml/repository/draftxacml-schema-policy-15.doc

[11] [11] Simple API for XML,
http://www.megginso.com/SAX

[12] [12] Sun’s XACML Implementation,
http://sunxacml.soureefore.net/

[13] [13] T. Bray, J. Paoli, and C. M. Sperberg-Mc-Gueen, “Extensible Markup Language (XML) 1.0,” 1998.
http://www.w3g.org/TR/REC-xml#dt-xml-doc

[14] [14] World Wide Web Consortium (W3C), “XML Path Language (XPath) Version 1.0,” October, 1999.
http://www.w3.org/TR/PR-XPath 19991008

An Efficient Authorization Mechanism for Secure XML Sources on the Web

Sun-Moon Jo* and Weon-Hee Yoo**

Sun-Moon Jo^* and Weon-Hee Yoo^**