RDF-Based XML Access Control Language (RXACL)
In this project we are developing an access control framework that provides flexible security granularity for XML documents. RDF statements are used to represent security objects and to express security policy. The concepts of simple security object and association security object are defined. Our model makes it possible to express and enforce access control on XML trees and their associations. Access control rules, corresponding to (s, o, ±a) triples, are represented as RDF statements with the properties access type, user, and object. A history file is maintained for each user, which allows decisions to be made using temporal data.
We also propose a query-filtering technique that evaluates XML queries to detect disclosure of association-level security objects. A query Q discloses a security object o iff the (tree) automaton corresponding to o accepts Q. We show that our schema-level method detects all possible disclosures, i.e., it is complete.
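The acceptance test described above can be sketched as follows. This is an added example, not RXACL code or the construction from the publications: the `Node` and `AssociationAutomaton` names, the element labels, and the rule that an association is disclosed when one anchor element reaches all of its members are assumptions made for illustration.

```python
# Added illustration: labels and the sample policy are constructed, not RXACL's own.
from typing import NamedTuple

class Node(NamedTuple):
    """One node of a query tree pattern: an element label and its child patterns."""
    label: str
    children: tuple = ()

ACCEPT = "ACCEPT"

class AssociationAutomaton:
    """Bottom-up tree automaton for one association security object.

    Assumed model: the object is disclosed when a single `anchor` element
    in the query reaches every label in `members` somewhere below it.
    States are subsets of `members` seen so far, plus the absorbing ACCEPT.
    """
    def __init__(self, anchor, members):
        self.anchor = anchor
        self.members = frozenset(members)

    def state(self, node):
        seen = set()
        for child in node.children:
            s = self.state(child)
            if s == ACCEPT:          # acceptance propagates to the root
                return ACCEPT
            seen |= s
        if node.label in self.members:
            seen.add(node.label)
        if node.label == self.anchor:
            # Members under different anchors are not associated: reset.
            return ACCEPT if seen >= self.members else frozenset()
        return frozenset(seen)

    def accepts(self, query):
        return self.state(query) == ACCEPT

def disclosed(query, objects):
    """Return the names of security objects whose automaton accepts the query."""
    return [name for name, fa in objects.items() if fa.accepts(query)]

# Constructed policy: a patient's name together with that patient's diagnosis.
OBJECTS = {"patient-diagnosis": AssociationAutomaton("patient", {"name", "diagnosis"})}

# Constructed queries, written as tree patterns.
Q_BOTH = Node("hospital", (Node("patient", (Node("name"), Node("record", (Node("diagnosis"),)))),))
Q_NAME = Node("hospital", (Node("patient", (Node("name"),)),))

if __name__ == "__main__":
    for q in (Q_BOTH, Q_NAME):
        print(disclosed(q, OBJECTS))
```

A filter built on this would reject or rewrite any query for which `disclosed` returns an object the requesting user is denied.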
Publications:
- RDF Metadata for XML Access Control
- V. Gowadia and C. Farkas, RDF Metadata for XML Access Control, Proceedings of the ACM CCS Workshop on XML Security 2003, October 2003
- V. Gowadia and C. Farkas, Tree Automata for Schema-level Filtering of XML Associations, Proceedings of the 3rd International Workshop on Security in Information Systems, WOSIS 2005
- RXACL implementation (version 0.1)
- Documentation
- Source code available on request. Contact us at .
- RXACL Summary (Poster)