Databases Reference
In-Depth Information
make the authorization specification task too heavy. The system may then
support, beside authorizations on single documents (or portions of doc-
uments), authorizations on collections of documents [9]. The concept of
DTD can be naturally exploited to this end, by allowing protection re-
quirements to refer to DTDs or XML documents, where requirements
specified at the level of DTD apply to all those documents instance of
the considered DTD. Authorizations specified at DTD level are called
schema level
authorizations, while those specified at XML document level
are called
instance level
authorizations.
Furthermore, it is important to be able to specify both organization-wide
and domain authorizations, which apply only to a part of the whole or-
ganization. To this purpose, some systems [9] allow access and protection
requirements to be specified both at the level of the enterprise, stating
general regulations, and at the level of specific domains where, according
to a local policy, additional constraints may need to be enforced or some
constraints may need to be relaxed. Organizations specify authorizations
with respect to DTDs; domains can specify authorizations with respect
to specific documents as well as to DTDs.
Propagation Policy. The structure of an XML document can be exploited by
possibly applying different propagation strategies that allow the derivation
of authorizations from a given set of authorizations explicitly defined over
elements of DTD and/or XML documents. Some proposals therefore dis-
tinguish between two kinds of authorizations:
local
,and
recursive
[9]. Local
authorizations defined on an element apply to all its attributes only. A
recursive authorization defined on an element applies to its whole content
(both attributes and subelements). Recursive authorizations represent an
easy way for specifying authorizations holding for the whole structured
content of an element (for the whole document if the element is the root
node of the document).
The models proposed in [6, 7] assume that negative authorizations are
always recursive, while positive authorizations may be either local or re-
cursive.
Besides downward propagation, upward propagation methods have been
introduced [10]. Here, the authorizations associated with a node in the
XML tree propagate to all its parents.
Some of the most common propagation policies (which include also some
resolution policies for possible conflicts) are described in the following [11].
•
No propagation.
Authorizations are not propagated. This is the case
of local authorizations.
•
No overriding.
Authorizations of a node are propagated to its descen-
dants, but they are all kept.
•
Most specific overrides.
Authorizations of a node are propagated to
its descendants, if not overridden. An authorization associated with a
