XML Access Control: from XACML to Annotated Schemas

Ryma Abassi 1 Florent Jacquemard 2 Michael Rusinowitch 3 Sihem Guemara El Fatmi 1
2 DAHU - Verification in databases
LSV - Laboratoire Spécification et Vérification [Cachan], ENS Cachan - École normale supérieure - Cachan, Inria Saclay - Ile de France, CNRS - Centre National de la Recherche Scientifique : UMR8643
3 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies, INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract: XML has become the de facto standard for data representation and exchange on the Internet. For defining access control policies on XML documents, OASIS ratified the XACML standard, a declarative language in which authorizations are specified as rules. It is also common to represent XML documents formally as labeled trees and to handle secure requests through “user views”. A user view is the part of the document accessible to a given user according to the existing policy. Moreover, access control policies can be depicted as annotated rules, where annotations define for each document node whether it is accessible. Hence, an annotated schema is a formal representation of “user views”. Our main contribution in this paper is threefold. First, we compare XACML policies and annotated schemas. Second, we identify a significant fragment of XACML, since the full language is very expressive and consequently complex. Third, we define adequate translation algorithms from XACML policies to annotated schemas.
Document type: Conference paper
Second International Conference on Communications and Networking (ComNet), Nov 2010, Tozeur, Tunisia. IEEE Computer Society Press, pp.1-8, 2010, 〈http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5699810〉. 〈10.1109/COMNET.2010.5699810〉

https://hal.inria.fr/inria-00578884
Contributor: Florent Jacquemard
Submitted on: Tuesday, 22 March 2011 - 15:41:40
Last modified on: Thursday, 11 January 2018 - 06:22:14

Citation

Ryma Abassi, Florent Jacquemard, Michael Rusinowitch, Sihem Guemara El Fatmi. XML Access Control: from XACML to Annotated Schemas. Second International Conference on Communications and Networking (ComNet), Nov 2010, Tozeur, Tunisia. IEEE Computer Society Press, pp.1-8, 2010, 〈http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5699810〉. 〈10.1109/COMNET.2010.5699810〉. 〈inria-00578884〉
