Skip to main content

Credential-Based Policies Management in an Access Control Framework Protecting XML Resources

  • Conference paper
Computer and Information Sciences – ISCIS 2006 (ISCIS 2006)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4263))

Included in the following conference series:

  • 1115 Accesses


XML has been widely adopted for Web data representation under various applications (such as DBMSs, Digital Libraries etc). Therefore, access to XML data sources has become a crucial issue. In this paper we introduce a credential-based access control framework for protecting XML resources. Under this framework, we propose the use of access policy files containing policies concerning a specific credentials type. Moreover, we propose the reorganization of the policies in these files based on their frequency of use (the more frequently it is used the higher in the file it is placed). Our main goal is to improve request servicing times. Several experiments have been conducted which are carried out either on single request or on multiple requests base. The proposed framework is proven quite beneficial for protecting XML-based frameworks such as digital libraries or any other data resources whose format is expressed in XML.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Institutional subscriptions


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others


  1. Adam, R., Atluri, N.R., Bertino, V., Ferrari, E.E.: A Content-based Authorization Model for Digital Libraries. IEEE Transactions on Knowledge and Data Engineering 14(2), 296–315 (2002)

    Article  Google Scholar 

  2. Bertino, E., Castano, S., Ferrari, E.: Securing XML Documents with Author-X. IEEE Internet Computing, 21–31 (May-June 2001)

    Google Scholar 

  3. Bertino, E., Ferrari, E., Perego, A.: MaX: An Access Control System for Digital Libraries and the Web. In: Proceedings of IEEE Int. Computer Software and Applications Conference, Oxford, England (2002)

    Google Scholar 

  4. Carminati, B., Ferrari, E.: AC-XML Documents: Improving the Performance of a Web Access Control Module. In: Proceedings of the 10th ACM Symposium of Access Control Models and Technologies, Stockholm, Sweden (2005)

    Google Scholar 

  5. Murata, M., Tozawa, A., Kudo, M., Hada, S.: XML Access Control Using Static Analysis. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington (2003)

    Google Scholar 

  6. Pallis, G., Stoupa, K., Vakali, A.: Storage and Access Control Issues for XML Documents. In: Taniar, D., Rahayu, J.W. (eds.) Web Information Systems, pp. 104–140. Idea Group Publishing (2004)

    Google Scholar 

  7. Sandhu, R.S., Coyne, E.J., Feinstein, H.L.: Role-Based Access Control Models. IEEE Computer, 38–47 (1996)

    Google Scholar 

  8. Stoupa, K., Vakali, A.: Policies for Web Security Services. In: Ferrari, E., Thuraisingham, B. (eds.) Web and Information Security, pp. 52–72. Idea Group Publishing (2006)

    Google Scholar 

  9. Winslett, M., Ching, N., Jones, V., Slepchin, I.: Using Digital Credentials on the World-Wide Web. Journal on Computer Security 5, 255–267 (1997)

    Google Scholar 

Download references

Author information

Authors and Affiliations


Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Stoupa, K., Simeoforidis, Z., Vakali, A. (2006). Credential-Based Policies Management in an Access Control Framework Protecting XML Resources. In: Levi, A., Savaş, E., Yenigün, H., Balcısoy, S., Saygın, Y. (eds) Computer and Information Sciences – ISCIS 2006. ISCIS 2006. Lecture Notes in Computer Science, vol 4263. Springer, Berlin, Heidelberg.

Download citation

  • DOI:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-47242-1

  • Online ISBN: 978-3-540-47243-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics