Book Chapter10.1007/3-540-46439-5_8
Securing XML Documents
Ernesto Damiani,Sabrina De Capitani di Vimercati,Stefano Paraboschi,Pierangela Samarati +3 more
- 27 Mar 2000
- pp 121-135
254
TL;DR: This work presents an access control model to protect information distributed on the Web that, by exploiting XML's own capabilities, allows the definition and enforcement of access restrictions directly on the structure and content of XML documents.
read more
Abstract: Web-based applications greatly increase information availability and ease of access, which is optimal for public information. The distribution and sharing by theWeb of information that must be accessed in a selective way requires the definition and enforcement of security controls, ensuring that information will be accessible only to authorized entities. Approaches proposed to this end level, independently from the semantics of the data to be protected and for this reason result limited. The eXtensible Markup Language (XML), a markup language promoted by the World Wide Web Consortium (W3C), represents an important opportunity to solve this problem. We present an access control model to protect information distributed on the Web that, by exploiting XML's own capabilities, allows the definition and enforcement of access restrictions directly on the structure and content of XML documents. We also present a language for the specification of access restrictions that uses standard notations and concepts and briefly describe a system architecture for access control enforcement based on existing technology.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
Specifying and enforcing access control policies for XML document sources
TL;DR: This paper proposes access control policies and an associated model for XML documents, addressing peculiar protection requirements posed by XML, and allows the Security Administrator to choose different policies for documents not covered or only partially covered by the existingAccess control policies for document types.
234
Design and implementation of an access control processor for XML documents
Ernesto Damiani,Sabrina De Capitani di Vimercati,Stefano Paraboschi,Pierangela Samarati +3 more
- 01 Jun 2000
TL;DR: An Access Control System for XML is described allowing for definition and enforcement of access restrictions directly on the structure and content of XML documents, thus providing a simple and effective way for users to protect information at the same granularity level provided by the language itself.
203
Patent
Efficient evaluation of queries using translation
Zhen Hua Liu,Muralidhar Krishnaprasad,Anand Manikutty,James W. Warner,Hui X Zhang,Vikas Arora,Susan Kotsovolos +6 more
- 09 Jun 2005
TL;DR: In this paper, techniques for processing a query including receiving the query, where the query specifies certain operations, determining that the query includes a first portion in a first query language and a second part in a second query language, and performing the certain operations based on the third in-memory representation.
192
Regulating access to XML documents
Alban Gabillon,Emmanuel Bruno +1 more
- 15 Jul 2001
TL;DR: A security model for regulating access to XML documents with the smallest protection granularity of the node, that is, authorisation rules granting or denying access to a single node can be defined.
Flexible authentication of XML documents
Premkumar Devanbu,Michael Gertz,April Kwong,Charles U. Martel,Glen Nuckolls,Stuart G. Stubblebine +5 more
- 05 Nov 2001
TL;DR: This work proposes a new approach to signing XML documents which allows untrusted servers to answer certain types of path queries and selection queries over XML documents without the need for trusted on-line signing keys.
References
A unified framework for enforcing multiple access control policies
Sushil Jajodia,Pierangela Samarati,V. S. Subrahmanian,Eliza Bertino +3 more
- 01 Jun 1997
TL;DR: This paper presents a flexible authorization manager (FAM) that can enforce multiple access control policies within a single, unified system and formally defines the language and properties required to hold on the security specifications and proves that this language can express all security specifications.
330
•Proceedings Article
Data-Driven, One-To-One Web Site Generation for Data-Intensive Applications
Stefano Ceri,Piero Fraternali,Stefano Paraboschi +2 more
- 07 Sep 1999
TL;DR: It is argued that personalization of Web access (also called oneto-one Web delivery) is naturally supported by the proposed data-driven approach, and is claimed to be a key ingredient of the Web applications of the near future.
XML linking
TL;DR: The Web Consortium's XML Linking working group is developing specifications to enable more advanced hypertext functionality on the Web: in particular fine-grained anchors, external annotation, and bidirectional links.
56