| Extensible Markup Language (XML) technology is playing a more and more important role in storage and exchange fields, it is increasingly used as the standard language for representing information storage and exchange over the internet and intranet. XML document is the vector of XML datas, with the growth of the data capacity and increasement of the data sensitivity, the security of XML documents are becoming more and more important, especially in enterprise with large number of users and XML objects. The users'accesses must be under-control to ensure the datas in the XML document not to be read and modified without authorization.Several popular access control mechanisms have been analysised, combined with the research on the characteristic of enterprise construction and its security requirements, a role-based access control mode for XML document (RBAC-XML) is proposed. RBAC-XML model is extended from the RBAC96 model, and the administration of users, roles, and user-role assignments is the same as RBAC96, but the authorization is unique designed with the hierarchy structure of XML document. In general, XML schema objects are authorized, and XML instance objects will be authorized with the schema objects's hierarchy and schema to instance propagation. XML instance objects will be authorized by administrator in special.An implementation for RBAC-XML is given. It uses the construction of "server-pull", and takes full advantage of XML technologies. The implementation puts all the security policy files in XML format, and uses XML technologies to implement the access control, such as XML parse. It makes the implementation modular, reuseable and portable. |
PDF Full Text Request