Databases Reference
In-Depth Information
Table 1. Authorization types

Level/Strength             Propagation
                           Local    Recursive
Instance                   L        R
Instance (soft statement)  LS       RS
DTD                        LD       RD
DTD (hard statement)       LDH      RDH
authorizations as hard (i.e., to be applied independently from instance
level authorizations). Besides the distinction between instance level and
schema level authorizations, this model allows the definition of two types
of schema level authorizations: organization and domain schema level
authorizations. Organization schema level authorizations are stated by a
central authority and can be used to implement corporate-wide access
control policies on document classes. Domain schema level authorizations
are specified by departmental authorities and describe department
policies complementing the corporate ones. For simplicity, these two classes
of authorizations are merged by performing a flat union (i.e., they are
treated in the same way).
The combination of the options above (i.e., local vs recursive, schema
vs instance level, and soft vs hard authorizations) introduces the eight
authorization types summarized in Table 1. Their semantics dictates a
priority order among the authorization types. The priority order from the
highest to the lowest is: LDH (local hard authorization), RDH (recursive
hard authorization), L (local authorization), R (recursive authorization),
LD (local authorization specified at the schema level), RD (recursive
authorization specified at the schema level), LS (local soft authorization), and
RS (recursive soft authorization).
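The priority order above can be applied per node as in the following sketch, which is an added example and not code from the model's authors. It assumes one sign ("+" or "-") per type per node, that recursive types carry down to descendants unless the descendant states a sign of the same type, and that a node with no sign at all is denied; the Node class, function names and sample tree are hypothetical.

```python
from dataclasses import dataclass, field

# Priority order stated on the page, highest first.
PRIORITY = ["LDH", "RDH", "L", "R", "LD", "RD", "LS", "RS"]
RECURSIVE = {"RDH", "R", "RD", "RS"}  # types that also apply to descendants

@dataclass
class Node:
    name: str
    auths: dict = field(default_factory=dict)     # type -> "+" / "-" stated on this node
    children: list = field(default_factory=list)
    label: dict = field(default_factory=dict)     # per-type vector, filled by label_tree

def label_tree(node, inherited=None):
    """Fill each node's per-type vector, pushing recursive types down the tree."""
    # Assumption: a sign stated on the node replaces an inherited sign of the same type.
    node.label = {**(inherited or {}), **node.auths}
    down = {t: s for t, s in node.label.items() if t in RECURSIVE}
    for child in node.children:
        label_tree(child, down)

def final_sign(node):
    """Return (sign, deciding type): the first type in PRIORITY that has a sign."""
    for t in PRIORITY:
        if t in node.label:
            return node.label[t], t
    return "-", None  # assumption: closed policy, unlabeled nodes are denied

def resolve(root):
    """Label the tree and return {node name: (sign, deciding type)}."""
    label_tree(root)
    out, stack = {}, [root]
    while stack:
        n = stack.pop()
        out[n.name] = final_sign(n)
        stack.extend(n.children)
    return out

def sample_tree():
    # Constructed document tree and authorizations, for illustration only.
    salary = Node("salary", {"LDH": "-"})
    finance = Node("finance", {"LD": "-"}, [salary])
    log = Node("log", {"L": "+"})
    audit = Node("audit", {"RDH": "-"}, [log])
    notes = Node("notes", {"LS": "-"})
    return Node("report", {"R": "+"}, [finance, audit, notes])

if __name__ == "__main__":
    for name, (sign, by) in resolve(sample_tree()).items():
        print(f"{name:8} {sign}  decided by {by}")
```

In the sample, the hard schema-level denial on audit (RDH) still wins over the instance-level permission on log (L), while the plain schema-level and soft denials on finance (LD) and notes (LS) lose to the recursive instance-level permission inherited from report (R).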
Access Control Enforcement
Whenever a user makes a request for an object of the system, it is necessary to
evaluate which portion of the object (if any) she is allowed to access. To this
aim, the system builds a view of the document for the requesting subject [9].
The view of a subject on each document depends on the access permissions
and denials specified by the authorizations and on their priorities. Such a view
can be computed through a tree labeling process, followed by a transformation
process.
Given an access request rq and the requested XML document URI, the
tree labeling process considers the tree corresponding to URI and, for each of
its nodes, tries to identify if the requesting subject is allowed or denied access.
Each node n in the considered tree is associated with a vector n.veclabel [ t ]
 