Applying hierarchical and role-based access control to XML documents

14 years 27 days ago
Applying hierarchical and role-based access control to XML documents
W3C Recommendations XML Encryption and XML-Digital Signature can be used to protect the confidentiality of and provide assurances about the integrity of XML documents transmitted over an insecure medium. The focus of this paper is how to control access to XML documents, once they have been received. This is particularly important for services where updates are sent to subscribers. We describe how certain access control policies for restricting access to XML documents can be enforced by encrypting specified regions of the document. These regions are specified using XPath filters and the policies are based on the hierarchical structure of XML documents. We also describe how techniques for assigning keys to a security lattice can be adapted to minimize the number of keys that are distributed to users and compare our approach with two other access control frameworks. Finally we consider how role-based access control can be used to enforce more complex access control policies. Categori...
Jason Crampton
Added 30 Jun 2010
Updated 30 Jun 2010
Type Conference
Year 2004
Where SWS
Authors Jason Crampton
Comments (0)