| XML has emerged as a prevalent standard for data exchange and storage. Some mechanisms are needed to protect sensitive information storqd in XML document, and access control is one of the mechanisms. Based on XML and relative XML technology, some problems about access control for XML source are researched.First, DTD and XML Schema are introduced, and these two patterns are compared. XML document model is described by formal method. XML Schema has a lot of merits, so the object of access control model is XML document with or without Schema.Second, XPath syntax is introduced. Access control policy defined by XPath filter expressions is researched. The XPath filter expressions are divided four categories: positive local rules, negative local rules, positive recursive rules and negative recursive rules. The local rules, recursive rules and combining rules are described by formal method.Third, An extend role-base model fitting for XML source is proposed, and common definition of an access control rule is extended. The rule has additional two fields: conditions and type. The role has not the rule's permission unless the conditions field is true. It solves the role reuse problem of traditional RBAC. Type field can not only specify the instance or schema rule, but also specify the rule's priority. It is convenient to grant and revoke permission. The permission propagation constraint improves the access control grain. It makes the grain reach element or attribute level. The rules Schema and algorithm for judging user's request are given.Fourth, the design of ERBAC-X system for articles source is given. The modules and operation flow of ERBAC-X are also given. The algorithm of every module is described with pseudo code. User-role, role- hierarchy and authorization information is described with XML.In the finality, the problems requiring further studies are discussed. |
PDF Full Text Request