Databases Reference
In-Depth Information
many other subsequent proposals. We then illustrate the Kudo et al. [13]
model that introduced the idea of using a static analysis system for XML
access control. Finally, we briefly describe other approaches that have been
studied in the literature with the aim of supporting write privileges and adopting
cryptography as a method for access control enforcement.
4.1 Fine Grained XML Access Control System
Damiani et al. [9] propose a fine-grained XML access control system, which
extends the proposals in [14, 15, 16], exploiting XML's own capabilities to
define and implement an authorization model for regulating access to XML
documents.
We now present the authorizations supported by the access control model
and illustrate the authorization enforcement process.
Authorizations Specification
Access authorizations determine the accesses that the system should allow or
deny. In this model, access authorizations are defined as follows.
Definition 1 (Access Authorization). An access authorization a ∈ Auth
is a five-tuple of the form: subject, object, action, sign, type, where:
subject ∈ AS is the subject for which the authorization is intended;
object is either a URI ∈ Obj or is of the form URI:PE, where URI ∈ Obj and
PE is a path expression on the tree of document URI;
action = read is the action being authorized or forbidden;
sign ∈ {+, −} is the sign of the authorization, which can be positive (allow
access) or negative (forbid access);
type ∈ {LDH, RDH, L, R, LD, RD, LS, RS} is the type of the authorization and
regulates whether the authorization propagates to other objects and how it
interplays with other authorizations (exception policy).
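The following added example (not code from the book or from Damiani et al.) checks a candidate authorization against the constraints of Definition 1 and resolves the object into its URI and path expression. The names Subject, Authorization, split_object and make_authorization, the sample URIs and subject, and the exact-match-then-longest-prefix rule for splitting URI:PE are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

SIGNS = {"+", "-"}  # ASCII '-' stands in for the minus sign of Definition 1
TYPES = {"LDH", "RDH", "L", "R", "LD", "RD", "LS", "RS"}

class Subject(NamedTuple):  # the user-id, IP-address, sym-address triple
    user_id: str
    ip_address: str
    sym_address: str

class Authorization(NamedTuple):
    subject: Subject
    uri: str
    path_expr: Optional[str]  # None when the object is a whole document
    action: str
    sign: str
    type: str

def split_object(obj, known_uris):
    """Resolve 'URI' or 'URI:PE' against Obj. URIs contain ':' themselves,
    so the split point is found by matching URIs in Obj (assumed rule:
    exact match first, then the longest URI that prefixes the object)."""
    if obj in known_uris:
        return obj, None
    for uri in sorted(known_uris, key=len, reverse=True):
        if obj.startswith(uri + ":") and len(obj) > len(uri) + 1:
            return uri, obj[len(uri) + 1:]
    raise ValueError(f"object {obj!r} does not name a URI in Obj")

def make_authorization(subject, obj, action, sign, type_, subjects, known_uris):
    """Build the five-tuple, rejecting anything outside Definition 1."""
    if subject not in subjects:
        raise ValueError("subject is not in AS")
    uri, path_expr = split_object(obj, known_uris)
    if action != "read":
        raise ValueError("the model authorizes only the read action")
    if sign not in SIGNS:
        raise ValueError("sign must be + or -")
    if type_ not in TYPES:
        raise ValueError(f"unknown authorization type {type_!r}")
    return Authorization(subject, uri, path_expr, action, sign, type_)

# Constructed sample data (hypothetical, not from the text).
OBJ = {"http://example.org/lab.xml", "http://example.org/lab.xml:v2"}
ALICE = Subject("alice", "192.0.2.10", "ws1.example.org")
AS = {ALICE}
```

Rejecting a tuple at construction time keeps malformed signs, types or objects out of the policy store, so the enforcement step never has to interpret them.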
We now discuss in more detail each of the five elements composing an
access authorization.
Subject. This model identifies the subject of an authorization by
specifying both her identity and her location. This choice provides more
expressiveness, as it is possible to restrict the subject authorized to access
an object on the basis of her identity and of the location from which the
request comes. Subjects are then characterized by a triple: user-id,
IP-address, sym-address, where user-id is the identity with
which the user connected to the system, and IP-address (sym-address,
respectively) is the numeric (symbolic, respectively) identifier of the
machine from which the user connected. The proposed model supports