| XML(Extensible Markup Language) has gained more popularity in Web-based distributed application system, meanwhile, brought forward new challenges to access control. In large enterprise applications, the number of users accessing the enterprise key XML resources runs in tens of thousands. Furthermore, the identities and qualifications of these users may not be known a-priori, making access management difficult. On the other hand, time is a critical factor in the access control policy of some enterprise. User's authorization is restricted at predefined time periods. In addition, it may be desirable to exercise high-level access control for conceptual related XML documents.Based on sufficient analysis of XML specification and the role-based access control (RBAC) technology, an extended RBAC model for XML documents is proposed. This model extends the traditional RBAC model with user credentials, temporal constraints and XML document classification to enforce a content-based time-aware multi-granularity access control. A unified access control specification language according to XML criterion is adopted to specify the policy of access control.User credential which is composed of a set of user attributes captures user's activity profiles. By evaluating the value of user attributes in the user credential, a qualified user is assigned to a specific role. This allows access authorization based on user characteristics and qualifications. Temporal constraints are introduced in the user assignment and permission assignment to express and realize more powerful access control semantics. The XML documents classification according to the content correlation can effectively support the concept-level access control.A XML access control system based on the extended model is designed. The system incorporates the function of policy administration and policy enforcement and provides secure effective access control for XML key resources in enterprise's Web applications. |
PDF Full Text Request