Abstract
Web based services and applications have increased the availability and accessibility of information. XML (eXtensible Markup Language) has recently emerged as an important standard in the area of information representation. XML documents can represent information at different levels of sensitivity. Access control for XML document stores must recognise the finegrained nature of the document structure. In this paper we present an approach to access control for XML document stores. This framework is based on RBAC and includes a syntax for specifying access control policies for the store.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bertino, E., Castano, S. & and Ferrari, E., On specifying security policies for web documents with an XML-based language, Sixth ACM Symposium on Access control models and technologies May 2001, Chantilly, USA, pp. 57–65.
Bonatti, P. & Samarati, P., Regulating Service Access and Information Release on the Web, In Proc. Of the 7th ACM Conference on Computer and Communication Security, Athens, Greece, November 2000.
Chandramouli, R., Application of XML tools for enterprise-wide RBAC implementation tasks, Proceedings of the fifth ACM workshop on Role-based access control July 2000, Berlin, pp. 11–18.
Damiani, E., De Capitani di Vimercati, Paraboschi, S & Samarati, P., XML Access Control Systems: A Component Based Approach, In Fourteenth Annual IFIP WG 11.3 Working Conference on Database Security, Schoorl, The Netherlands, August 2000.
Ferraiolo, D., and Kuhn, R.: Role based access controls, Proceedings of the 15th NISTNCSC National Computer Security Conference, Baltimore MD, USA, 1992, pp. 554–563.
Giuri, L., Role-based access control on the Web using Java, Proceedings of the fourth ACM workshop on role-based access control on Role-based access control October 1999, Fairfax, USA, pp. 11–18.
Hilchenbach, B., Observations on the real-world implementation of role-based access control, Proceedings of the 20th National Information Systems Security Conference, Baltimore MD, USA, 1997, pp. 341–52.
Hitchens, M. & Varadharajan, V. Design and specification of role based access control policies, IEE Proc.-Softw., Vol. 147, No. 4 August 2000, pp. 117–129.
Park, J. & Sandhu, R., RBAC on the Web by smart certificates, Proceedings of the fourth ACM workshop on role-based access control on Role-based access control October 1999, Fairfax, USA, pp. 1–9.
Sandhu, R., Coyne, E. J., and Feinstein, H. L., Role based access control models, IEEE Computer, 1996, 29, (2), pp. 38–47.
Sandhu, R. & Park, J., Decentralised User-role Assignment for Web-based Intranets, 3rd ACM Workshop on RBAC, Fairfax, USA, October 1998.
World Wide Web Consortium (W3C), Extensible Markup Language (XML), February 1998, http://www.w3.org/XML.
World Wide Web Consortium (W3C), XML Path Language (XPath) Version 1.0, November 1999, http://www.w3.org/TR/xpath.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hitchens, M., Varadharajan, V. (2001). RBAC for XML Document Stores. In: Qing, S., Okamoto, T., Zhou, J. (eds) Information and Communications Security. ICICS 2001. Lecture Notes in Computer Science, vol 2229. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45600-7_15
Download citation
DOI: https://doi.org/10.1007/3-540-45600-7_15
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42880-0
Online ISBN: 978-3-540-45600-1
eBook Packages: Springer Book Archive