Research On The Application Of Constraint Access Control For XML Repositories

Access control is a technology used to permit or limit access ability and its scope by certain means. Applying this service, information system can effectively control users' access to sensitive resources, and prevent the damage due to illegal users' intrusion or legal users' misuse. The sensitive resources mentioned above are multifarious, including network equipments, application functions, records in database and so on. But this paper focuses on XML repositories.An XML repository stores a vast amount of XML documents, and considering that an XML document is well formed, the administrator may want to control the accessibility of an element within an XML file. According to these requirements, the paper analyses the potential problems if the model of role-base access control or XML document access control is applied solely, and then presents the architecture of XML repository access control system which includes two important components, namely File-level Access Control component and Element-level Access Control component, the former one refers to the model of role-base access control while the latter one utilizes the model of XML document access control. In our solution, some amendments concerning these two models are proposed according to the specialties of the field where we perform access control, and the relative researches are made especially on several crucial issues including:1. As for the description of policy representationBased on the analysis of deficiency of traditional methods such as security cookies and attribute certificate, this paper proposes XML-based policy specification language, and presents the definition of File-level policy document and Element-level policy document. The characteristics of XML documents make it convenient to share that authorization information between enterprises or the departments in a certain enterprise.2. As for the File-level policy checkReferring to the means in GRBAC model, this paper introduces the concepts of basic policies, extended policies and abnormal policies, and improves the former algorithm that has the disadvantage that it has to compute the role entry set in any circumstance.3. As for authority constraintThis paper points out the insufficiencies of the existing method in the aspect of system maintenance, according to which it introduces the concept of context parameter, and puts forward an adequate constraint express solution, then illustrates the plan in the aspects of the description of constraint information and the design of constraint solution class, and finally analyses its flexibility when it deals with the change of constraint condition.This paper elaborates the mechanism of File-level Access Control component and Element-level Access Control component, and it implements the corresponding system. The result shows that this system can provide effective File-level and Element-level access control for XML repository, and also provide good support in the aspect of authority constraint. The study of this paper paves the way of popularizing further the XML technology in the fields of enterprise informatization, e-Commerce and e-Government and so on.