Abstract
Securing XML instances is a basic problem, especially in enterprises with a large number of users and XML objects and with complex authorization administration. In this paper, a role-based access control (RBAC) model based on XML Schema is proposed. RBAC has been proven to be efficient at improving security administration through flexible authorization management. XML Schema is a specification that defines the format and contents of XML instances. Access control defined on a schema carries over to all of its instances. As a proposed alternative to the XML Document Type Definition (DTD), XML Schema supports complex constraints on XML components such as elements, attributes, datatypes and groups. XML Schema also provides a mechanism for building rich reuse relationships between schemas and elements. These relationships are applied to reusable permissions in our model, which efficiently simplifies security administration. Based on these features, fine-grained access control can be achieved. At the same time, our model naturally supports instance-level authorization, which provides a uniform mechanism for XML security. An abstract implementation of our proposed model is presented in this paper. "Pure" XML technologies are applied in the implementation mechanism, which makes the system lightweight and easy to embed into existing systems.
Copyright information
© 2004 Springer Science + Business Media, Inc.
About this chapter
Cite this chapter
Zhang, X., Park, J., Sandhu, R. (2004). Schema Based XML Security: RBAC Approach. In: De Capitani di Vimercati, S., Ray, I., Ray, I. (eds) Data and Applications Security XVII. IFIP International Federation for Information Processing, vol 142. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8070-0_24
DOI: https://doi.org/10.1007/1-4020-8070-0_24
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8069-2
Online ISBN: 978-1-4020-8070-8
eBook Packages: Springer Book Archive