1 / 14

A Review Report on Access Control Policies for XML Documents

This review report explores access control policies for XML documents, including access policy, conflict resolution policy, views generation, updating XML, and write access to XML. It also discusses the implementation of authorization rules and the overall conclusion.

dluann
Télécharger la présentation

A Review Report on Access Control Policies for XML Documents

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Review Report on Access Control Policies for XML Documents Aiman Rasheed Syed Akhtar Ghazi

  2. Agenda • Introduction • Access Control Building Blocks • Access Policy • Conflict Resolution Policy • Generating Views for users • Updating XML • Write Access to XML • Conclusion

  3. Introduction • Current trend of information sharing and retrieval. • Semi-structured to structured data • A need for generic environment? • Solution: XML • XML • Structured • User-defined Tags

  4. Introduction • Access Control Building Blocks • Subject • user or a group • Object • Whole or part of XML document • Authorization Rules • Grant/Deny permissions for subject on objects.

  5. /files /record @id= 9203 /member /name /diagnosis /text( ) Jeff Daan /item @id=”daan” /text( ) Pneumonia Introduction

  6. Introduction • XML Document <files> <record id=9203> <member id="daan"/> <name>Jeff Daan</name> <diagnosis> <item>Pneumonia</item> </diagnosis> </record> </files>

  7. Introduction • Authorization Rules • Grant/Deny permissions for subject on objects. <!-- Rule 1 --> <xas DefaultPolicy=”open" DefaultSubjectsFile="subjects.xss"> <!-- Rule 2 --> <rule <subject>users/member[@id=$user<subject/> <object> record[@id=$user]<object/> <accessmethod>read<accessmethod/> <access>deny<access/> <priority>10<priority/> /> </xas> • Conflict Resolution

  8. View Generation • Compute View Algorithm • A subject, main XML doc and Authorization Rules(XAS) are input to the algorithm • Traversal the XML tree • select a node • if there is a rule for the selected node such that the given subject(user) has any permission for it • Apply Conflict Resolution Policy • if the elected rule is a ‘deny’ rule discard the node • otherwise append the node in ListofNodes.

  9. Updating XML • MMDOC-QL • Insert INSERT: (<Doctor> WITH Name=%refdoc) BEFORE (<diagnosis> with item=“Pneumonia”) PATTERN: {*[A-Z][ ] /%refdoc}; FROM: hospital.xml CONTEXT: {<diagnosis> with item=“Pneumonia”);

  10. Insert /files /record @id= 9203 /member /name /diagnosis /Doctor /text( ) Jeff Daan /item @id=”daan” /text( ) %refdoc /text( ) Pneumonia

  11. Write Access to XML • ‘List of Nodes’ = All nodes in INSERT and CONTEXT clauses • For each node in XML tree, label whether the write access is granted or denied. • If all nodes in ‘List of Nodes’ are granted • apply insert • otherwise return error.

  12. Conclusion • Discussion of Access control policy in XML • Updating XML document • Write Access policy and authorization in XML

  13. Questions and Answers

  14. Thankyou

More Related