Databases Reference
In-Depth Information
an access control model for XML promises to become an important tool for
the construction of modern applications. The research of the last few years
presented in this chapter has produced several proposals for the construction
of an access control solution for XML data. These results are a robust basis
for the work of a standard committee operating within one of the important
consortia involved in the definition of Web standards. Thanks to the avail-
ability of such a standard, it is reasonable to expect that XML access control
models will be used to support the data protection requirements of many ap-
plications, making XML access control a common tool supporting the design
of generic software systems.
References
1. Bray, T., Paoli, J., Sperberg-McQueen, C.M., Maler, E., Yergeau, F.: Extensible
markup language (XML) 1.0 (fourth edition) (August 2006) W3C Recommen-
dation.
2. Berglund, A.: Extensible stylesheet language (XSL) version 1.1 (December 2006)
W3C Recommendation.
3. Clark, J., DeRose, S.: XML path language (XPath) version 1.0 (November 1999)
W3C Recommendation.
4. Boag, S., Chamberlin, D., Fernndez, M.F., Florescu, D., Robie, J., Simon, J.:
XQuery 1.0: An XML query language (January 2007) W3C Recommendation.
5. Bertino, E., Ferrari, E.: Secure and selective dissemination of XML documents.
ACM Transaction Information System Security
5
(3) (August 2002) 290-331
6. Qi, N., Kudo, M.: Access-condition-table-driven access control for XML
databases. In: Proc. of the 9th European Symposium on Research in Computer
Security, Sophia Antipolis, France (September 2004)
7. Qi, N., Kudo, M.: XML access control with policy matching tree. In: Proc. of
the 10th European Symposium on Research in Computer Security, Milan, Italy
(September 2005)
8. Gabillon, A.: An authorization model for XML databases. In: Proc. of the 2004
Workshop on Secure Web Service (SWS04), Fairfax, Virginia (November 2004)
9. Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A
fine-grained access control system for XML documents. ACM Transaction In-
formation System Security
5
(2) (May 2002) 169-202
10. Kudo, M., Hada, S.: Xml document security based on provisional authoriza-
tion. In: Proc. of the 7th ACM Conference on Computer and Communications
Security (CCS00). (November 2000)
11. Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.: Flexible support for
multiple access control policies. ACM Transactions on Database Systems
26
(2)
(June 2001) 214-260
12. Samarati, P., di Vimercati, S.D.C.: Access control: Policies, models, and mech-
anisms. In Focardi, R., Gorrieri, R., eds.: Foundations of Security Analysis and
Design. LNCS 2171. Springer-Verlag (2001)
13. Murata, M., Tozawa, A., Kudo, M., Hada, S.: XML access control using static
analysis. ACM Transaction Information System Security
9
(3) (August 2006)
292-324
