Recently proposed models [5] for access control on XML documents
introduce the possibility of specifying authorizations on the basis of
the subject's characteristics, called credentials, without even knowing
the user's identity and/or location.
Object Granularity. The identification of the object involved in a specific
authorization can exploit the possibility given by XML of identifying
elements and attributes within a document through path expressions as
defined by the XPath language.
Consequently, XML allows the specification of authorizations at a
fine-grained level. Any portion of a document that can be referred to by a
path expression can be the object of an authorization. For instance, a
single element or a single attribute are objects as well as a whole XML
document.
It is important to note that not all models support the entire XPath
syntax, since it is very expressive and may be difficult to manage. For
instance, some models impose restrictions on the number of times that the
// operator can appear in a path expression [6], while other proposals do
not allow predicates to be specified after the // operator [7].
Action. Most of the proposed XML access control models support only read
operations, since there is no standard language for XML update.
Furthermore, the management of write privileges is a difficult task, which
needs to take into account both the access control policy and the DTD
(or XML Schema) defined for the document. In fact, the DTD may be
partially hidden from the user accessing the document, as some
elements/attributes may be denied by the access control policy. For
instance, when adding an element to the document, the user may not even be
aware of the existence of a required attribute associated with it, as she
is not entitled to access the attribute itself.
However, some approaches try to also support write privileges that are
usually classified as: insert operations, update operations, and delete
operations.
In [8], the author proposes to also split read privileges into two
categories, distinguishing the privilege of reading the content of an
element from the privilege of knowing that there is an element in a
certain position of the XML document (without knowing the name and content
of the element itself). The former authorization class is modeled as read
action, while the latter is modeled as position action. In the same paper,
the author also proposes to add the possibility, for the security
administrator, to propagate privileges with-grant option, as in typical
database contexts.
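The following is an added example, not taken from the original text or from the cited models. It computes a user's view of a document from authorizations whose objects are path expressions, at element and attribute granularity, with both the read and the position action. The sample document, the policy, the `hidden` placeholder name, the closed policy (no authorization means no access), the absence of propagation to descendants and all function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample document and policy (assumptions, not from the page).
DOC = """<hospital>
  <patient id="p1" ssn="123-45-6789">
    <name>Alice</name>
    <diagnosis>flu</diagnosis>
    <billing><card>4111</card></billing>
  </patient>
</hospital>"""

# (path expression, action); a path ending in /@attr targets a single attribute.
POLICY = [(".", "read"), ("./patient", "read"), ("./patient/@id", "read"),
          ("./patient/name", "read"), ("./patient/billing", "position")]

def collect_grants(root, policy):
    """Resolve each path expression to the elements/attributes it authorizes."""
    elem_action, attr_read = {}, {}
    for path, action in policy:
        base, _, attr = path.partition("/@")
        for el in root.findall(base):
            if attr:
                if action == "read":
                    attr_read.setdefault(el, set()).add(attr)
            elif action == "read" or el not in elem_action:
                elem_action[el] = action  # read takes precedence over position
    return elem_action, attr_read

def build_view(el, elem_action, attr_read):
    """Return the authorized copy of el, or None when access is denied."""
    action = elem_action.get(el)
    if action is None:
        return None  # closed policy: no authorization means no access
    if action == "position":
        return ET.Element("hidden")  # existence only: no name, content or subtree
    allowed = attr_read.get(el, set())
    out = ET.Element(el.tag, {k: v for k, v in el.attrib.items() if k in allowed})
    out.text = (el.text or "").strip()
    for child in el:
        child_view = build_view(child, elem_action, attr_read)
        if child_view is not None:
            out.append(child_view)
    return out

def user_view(doc, policy):
    """Serialize the view of doc under policy; empty string if the root is denied."""
    root = ET.fromstring(doc)
    view = build_view(root, *collect_grants(root, policy))
    return "" if view is None else ET.tostring(view, encoding="unicode")
```

Python's ElementTree itself accepts only a subset of XPath, which mirrors the remark above that models often restrict the path syntax they support.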
We now discuss the basic peculiar features that are supported by the
existing XML-based access control models.
Support for Fine and Coarse Authorizations. The different protection
requirements that different documents may have call for the support of
access restrictions at the level of each specific document. However,
requiring the specification of authorizations for each single document would