____________________________ xml access control for semantically related xml documents & a...
TRANSCRIPT
________________________________________________________
XML Access Control for Semantically XML Access Control for Semantically Related XML DocumentsRelated XML Documents
&&A Role-Based Approach to Access Control A Role-Based Approach to Access Control
For XML DatabasesFor XML Databases
BYBYAsheesh KumarAsheesh Kumar
AXK0656AXK0656April 27, 2006April 27, 2006
XML Access Control for Semantically XML Access Control for Semantically Related XML DocumentsRelated XML Documents
__________________________________________________________________________________________
Vijay Parmar and Hongchi ShiVijay Parmar and Hongchi ShiDepartment of Computer Science & Computer Department of Computer Science & Computer
EngineeringEngineering
University of Missouri- Columbia, USAUniversity of Missouri- Columbia, USA
Su-Shing ChenSu-Shing Chen Dept of computer & Information Science &
Engineering University of Florida, USA
A Role-Based Approach to Access A Role-Based Approach to Access Control for XML DatabasesControl for XML Databases
__________________________________________________________________________________________
Zingzhu WangZingzhu Wang Department of Computer ScienceDepartment of Computer Science
University of Western Ontario, CanadaUniversity of Western Ontario, Canada
Su-Shing ChenSu-Shing Chen Department of Computer ScienceDepartment of Computer Science
University of Western Ontario, CanadaUniversity of Western Ontario, Canada
XML most preferred way to store & exchange XML most preferred way to store & exchange informationinformation
Need to provide controlled access to such Need to provide controlled access to such information is imminentinformation is imminent
Authors propose an access control policy & Authors propose an access control policy & mechanism for a collection of semantically mechanism for a collection of semantically related XML documents related XML documents
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
Features of proposed access control Features of proposed access control mechanismmechanism
It is developed for XML documents- It is developed for XML documents- semantically relatedsemantically related
Access control conditions can be specified Access control conditions can be specified based on contents of the documentbased on contents of the document
Access control is role basedAccess control is role based
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
Assume that each XML document resembles Assume that each XML document resembles an entity playing a certain rolean entity playing a certain role
Each entity has certain relationships with Each entity has certain relationships with other entities (XML document)other entities (XML document)
An access request may result in data coming An access request may result in data coming from more than one document in the from more than one document in the collectioncollection
Semantic relationships, so document playing Semantic relationships, so document playing a certain role can have access to other a certain role can have access to other entities playing a different roleentities playing a different role
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
Sample relationships of entities playing particular Sample relationships of entities playing particular rolerole
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
Relationship between entities (XML documents)Relationship between entities (XML documents)
Observations for Access Control Policy Observations for Access Control Policy XML documents are not accessed by the XML documents are not accessed by the
document names..document names.. Entity playing a role may requests data from Entity playing a role may requests data from
collection of XML documents by giving a collection of XML documents by giving a general request over the whole collectiongeneral request over the whole collection
Now, requesting entities identification & role Now, requesting entities identification & role would cause access control mechanism to would cause access control mechanism to restrict its access according to access control restrict its access according to access control policypolicy
All documents in collection must comply with All documents in collection must comply with same DTD, so all entities playing a similar role same DTD, so all entities playing a similar role have same structure but different content have same structure but different content
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
Overview of Access Control Policy Overview of Access Control Policy SpecificationSpecification
The Access Control Policy DTD The Access Control Policy DTD
Operation types and execution Operation types and execution ReadRead WriteWrite CreateCreate DeleteDelete
Operations are performed by first querying Operations are performed by first querying the XML document collection with the the XML document collection with the XPATH query expression provided in the XPATH query expression provided in the access requestaccess request
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
Steps involved in Read Operation Steps involved in Read Operation XPath query is processed on collection of XPath query is processed on collection of
XML documentsXML documents Results checked for list of allowed elements Results checked for list of allowed elements
for read operation under the appropriate for read operation under the appropriate rolerole
Result of above step leaves a set of document Result of above step leaves a set of document fragment that is further checked for access fragment that is further checked for access control conditioncontrol condition
Condition for each allowed element and sub Condition for each allowed element and sub element is checkedelement is checked
If conditions are satisfied, the content of If conditions are satisfied, the content of allowed element are not deleted allowed element are not deleted
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
A sample Read A sample Read operationoperation
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
Condition Specification Condition Specification Conditions indicate constraint for the access Conditions indicate constraint for the access
to the particular allowed element for a to the particular allowed element for a specific operationspecific operation
Presence of name of an element in the Presence of name of an element in the allowed element list indicates that it is allowed element list indicates that it is allowed for access for a particular role only allowed for access for a particular role only if the conditions are satisfiedif the conditions are satisfied
Conditions can be specified in the access Conditions can be specified in the access control policy document with the ‘condition’ control policy document with the ‘condition’ element element
AND & OR conditions ..AND & OR conditions ..
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
Condition types Condition types ProhibitProhibit EqualsEquals ExistsExists NotExistsNotExists
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
A sample Condition SpecificationA sample Condition Specification
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
A student is not allowed to update his grades but allowed to view themA student is not allowed to update his grades but allowed to view them
XML Access Control for Semantically XML Access Control for Semantically Related XML Documents Related XML Documents
__________________________________________________________________________________________
Overall Access control modelOverall Access control model
Propose to combine Role Graph Model, Propose to combine Role Graph Model, Authorization Type Graph and Authorization Authorization Type Graph and Authorization Object Schema, Authorization Object Graph Object Schema, Authorization Object Graph
Group of permission -> Role -> assigned to Group of permission -> Role -> assigned to usersusers
Permissions are privilegesPermissions are privileges Privileges are made up of object and access Privileges are made up of object and access
mode ( read/ write etc)mode ( read/ write etc) Object part of an XML database is any part of Object part of an XML database is any part of
XMLXML
A Role-Based Approach to Access A Role-Based Approach to Access Control for XML Databases Control for XML Databases
__________________________________________________________________________________________
A Role-Based Approach to Access A Role-Based Approach to Access Control for XML Databases Control for XML Databases
__________________________________________________________________________________________
Example Role GraphExample Role Graph
A Role-Based Approach to Access A Role-Based Approach to Access Control for XML Databases Control for XML Databases
__________________________________________________________________________________________
Authorization Object Schema for exampleAuthorization Object Schema for example
A Role-Based Approach to Access A Role-Based Approach to Access Control for XML Databases Control for XML Databases
__________________________________________________________________________________________
Authorization Object Graph for exampleAuthorization Object Graph for example
A Role-Based Approach to Access A Role-Based Approach to Access Control for XML Databases Control for XML Databases
__________________________________________________________________________________________
Authorization Type GraphAuthorization Type Graph
A Role-Based Approach to Access A Role-Based Approach to Access Control for XML Databases Control for XML Databases
__________________________________________________________________________________________
Authorization Association MatrixAuthorization Association Matrix
Thank YouThank You
Asheesh KumarAsheesh Kumar
AXK0656AXK0656