XML documents usually contain private information that cannot be shared by every user communities. It is widely used in web environment. XML database is becoming increasingly important since it consists of XML documents. Several applications for supporting selective access to data are available over the web. Usage control has been considered as the next generation access control model with distinguishing properties of decision continuity. It has been proven efficient to improve security administration with flexible authorization management. Object-oriented database systems represent complex data structure and XML databases may be stored in the objects-oriented database system. Therefore authorization models for XML databases could be used the same the models as object-oriented databases. In this paper, we propose usage control models to access XML databases and compare with an authorization model designed for object-oriented databases. We have analysed the characteristics of various access authorizations and presented detailed models for different kinds of authorizations. Finally, comparisons with related works are analysed.
TopIntroduction
The extensible markup language (XML) is a standard for describing the structure of information and content on the Internet over the past several years. XML has recently emerged as the most relevant standardization in the area of document representation through markup language (Bertion, 2002). XML is used to store and exchange data in the Internet environment that may include private messages of customers. It overcomes the complexity of Standard Generalized Markup Language (SGML) and the user can define document structures, removing the limit of the fixed tags in Hypertext Markup Language (HTML). XML documents support storage of information at different degrees of sensitivity and varying granularity levels.
We identified two levels of authorization, instance level and the Document Type Definition (DTD) level are with which authorizations on XML documents can be defined (Bertion, Castano, Ferrari & Mesiti, 1999; Damiani, Capitani & Samarati, 2002). A DTD is a file which contains a formal definition of a particular type of XML documents. A DTD consists of the element declarations and the attributes declarations. Instance level authorizations denote privileges that are relevant only to a specific document. DTD level authorizations specify the privileges of all documents following a given DTD. XML Schema is an XML-based alternative to DTD (Kudo & Hada, 2000). It supports complex constraints for XML components, such as elements, attributes, datatypes and groups. A well-validated XML document must follow the format specified by one or more schemas. In the access control model the central authority uses XML schemas to specify the format of information to be changed. With the features of XML Schema, a flexible and easy-customized access control model can be achieved.
Access control has been considered as a major issue in information security community since the beginning of the information security discipline (Park & Sandhu, 2002). Through access control, the system can restrict unauthorized access to the resources in the system and guarantees the confidentiality and integrity of the resources. Manage access control for database or other collections of structured data, the traditional access control models, the discretionary and mandatory access control (Damiani, Paraboschi & Samarati, 2002; Damiani, Samarati, Vimercati & Paraboschi, 2001; Kudo & Hada, 2000) have been augmented by various research groups. Usage control is a new access control model which extends traditional access control models and other access control models in many aspects. The term “usage” means usage of rights on digital objects. The main difference between usage control and traditional access control models are the continuity of access decision and the mutability of subject attributes and object attributes (Sandhu & Park, 2003).