3
Access Control Policy Languages in XML
Naizhen Qi and Michiharu Kudo
Tokyo Research Laboratory
IBM, Japan
{naishin,kudo}@jp.ibm.com
Summary. Policy specification for XML data access control has been difficult since
the specification languages usually have complicated semantics and syntax. In this
chapter, first we introduce the semantics and syntax of two security policy languages
and one policy framework. Then we address several tools for policy modeling and
generation which help users in capturing security concerns during the design, and
developing the security policies and functions during the implementation.
1 Introduction
Because security incidents such as unexpected personal information
leakages and identity thefts have been increasing recently, secure data
management is becoming a crucial factor for applications and services. A
fundamental part of enforcing data management is specifying the access control
policies that govern each request to the data handled by the system and
determine whether the request should be granted or denied. Several expressive
and powerful policy specification languages like XACL [9], XACML [10]
and WS-Policy [20] have been designed for the specification of XML-based
security policies. However, there are also difficulties in policy specification,
integration, management, and maintenance owing to the complicated semantics
and syntax of these policy languages.
In this chapter, we discuss several access control policy languages designed
for fine-grained XML data management, then address several mechanisms
and tools for policy modeling and generation. With these tools, the business
stakeholders are able to capture and integrate security concerns at a higher
business level, and the developers can easily associate the security-related
requirements with the security policies and the implementation.
 