Databases Reference
In-Depth Information
of semantically rich information is retained. XML focuses on the description
of information structure and content as opposed to its presentation. Presen-
tation issues are addressed by a separate language, XSL [2] (XML Stylesheet
Language), which is also a W3C standard for expressing how XML-based data
should be rendered.
Since XML documents can be used instead of traditional relational
databases for data storage and organization, it is necessary to think of a secu-
rity system for XML documents protection. In this chapter, we will focus on
access control enforcement. Specifically, in the literature, different access con-
trol models have been proposed for protecting data stored in XML documents,
exploiting the flexibility offered by the markup language. Even if traditionally
access control models can be applied to XML documents, by simply treating
them as files, a finer grained access control system is frequently necessary. As
a matter of fact, an XML document may contain both sensitive and publicly
available information, and it is necessary to distinguish between them when
specifying the access control policy.
The remainder of the chapter is organized as follows. Section 2 discusses
the basic XML concepts, by introducing DTD, XML Schema, XPath and
XQuery syntax and semantics. Section 3 introduces the problem of access
control for XML documents, points out the characteristics that an access
control model for XML documents should have. Section 4 illustrates in the
details two of the first access control models proposed for XML documents,
and briefly describes other proposals. Finally, Sect. 5 concludes the chapter.
2 Preliminary Concepts
XML [1] (eXtensible Markup Language) is a markup language developed
by the World Wide Web Consortium (W3C) and used for describing semi-
structured information. We introduce some of the most important concepts
related to XML, which are useful to define an access control system for pro-
tecting XML documents.
2.1 Well-Formed and Valid XML Documents
XML document is composed of a sequence of (possibly nested)
elements
and
attributes
associated with them. Basically, elements are delimited by a pair
of start and end tags (e.g.,
<
request
>
and
<
/request
>
) or, if they have
no content, are composed of an empty tag (e.g.,
<
request/
>
). Attributes
represent properties of elements and are included in the start tag of the el-
ement with which they are associated (e.g.,
<
request number=
“10”
>
). An
XML document is said to be
well-formed
if its syntax complies with the rules
defined by the W3C consortium [1], which can be summarized as follows:
•
the document must start with the
prologue
<?xml version=
“1.0”
?>
;
