Databases Reference
In-Depth Information
2
Access Control Models for XML
S. De Capitani di Vimercati
1
, S. Foresti
1
, S. Paraboschi
2
, and P. Samarati
1
1
University of Milan - 26013 Crema, Italy
{
decapita,foresti,samarati
}
@dti.unimi.it
2
University of Bergamo - 24044 Dalmine, Italy
parabosc@unibg.it
Summary.
XML has become a crucial tool for data storage and exchange. In this
chapter, after a brief introduction on the basic structure of XML, we illustrate the
most important characteristics of access control models. We then discuss two models
for XML documents, pointing out their main characteristics. We finally present
other proposals, describing their main features and their innovation compared to
the previous two models.
1 Introduction
The amount of information that is made available and exchanged on the Web
sites is continuously increasing. A large portion of this information (e.g., data
exchanged during EC transactions) is sensitive and needs to be protected.
However, granting security requirements through HTML-based information
processing turns out to be rather awkward, due to HTML's inherent limi-
tations. HTML provides no clean separation between the structure and the
layout of a document and some of its content is only used to specify the doc-
ument layout. Moreover, site designers often prepare HTML pages according
to the needs of a particular browser. Therefore, HTML markup has generally
little to do with data semantics.
To the aim of separating data that need to be represented from how they
are displayed, the World Wide Web Consortium (W3C) has standardized a
new markup language: the
eXtensible Markup Language
(XML)[1].XMLis
a markup meta-language providing semantics-aware markup without losing
the formatting and rendering capabilities of HTML. XML's tags' capability
of self-description is shifting the focus of Web communication from conven-
tional hypertext to data interchange. Although HTML was defined using only
a small and basic part of SGML (Standard Generalized Markup Language:
ISO 8879), XML is a sophisticated subset of SGML, designed to describe
data using arbitrary tags. As its name implies, extensibility is a key feature of
XML; users and applications are free to declare and use their own tags and at-
tributes. Therefore, XML ensures that both the logical structure and content
