Authorization translation for XML document transformation

Somchai Chatvichienchai, Mizuho Iwaihara, Yahiko Kambayashi

Research output: Contribution to journalArticle

4 Citations (Scopus)

Abstract

XML access control models proposed in the literature enforce access restrictions directly on the structure and content of an XML document. Therefore access authorization rules (authorizations, for short), which specify access rights of users on information within an XML document, must be revised if they do not match with changed structure of the XML document. In this paper, we present two authorization translation problems. The first is a problem of translating instance-level authorizations for an XML document. The second is a problem of translating schema-level authorizations for a collection of XML documents conforming to a DTD. For the first problem, we propose an algorithm that translates instance-level authorizations of a source XML document into those for a transformed XML document by using instance-tree mapping from the transformed document instance to the source document instance. For the second problem, we propose an algorithm that translates value-independent schema-level authorizations of non-recursive source DTD into those for a non-recursive target DTD by using schema-tree mapping from the target DTD to the source DTD. The goal of authorization translation is to preserve authorization equivalence at instance node level of the source document. The XML access control models use path expressions of XPath to locate data in XML documents. We define property of the path expressions (called node-reducible path expressions) that we can transform schema-level authorizations of value-independent type by schema-tree mapping. To compute authorizations on instances of schema elements of the target DTD, we need to identify the schema elements whose instances are located by a node-reducible path expression of a value-independent schema-level authorization. We give an algorithm that carries out path fragment containment test to identify the schema elements whose instances are located by a node-reducible path expression.

Original languageEnglish
Pages (from-to)111-138
Number of pages28
JournalWorld Wide Web
Volume7
Issue number1
DOIs
Publication statusPublished - 2004 Mar
Externally publishedYes

Fingerprint

XML
Access control

Keywords

  • Authorizations
  • Database security
  • Document transformation
  • XML access control models
  • XML documents

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Authorization translation for XML document transformation. / Chatvichienchai, Somchai; Iwaihara, Mizuho; Kambayashi, Yahiko.

In: World Wide Web, Vol. 7, No. 1, 03.2004, p. 111-138.

Research output: Contribution to journalArticle

Chatvichienchai, Somchai ; Iwaihara, Mizuho ; Kambayashi, Yahiko. / Authorization translation for XML document transformation. In: World Wide Web. 2004 ; Vol. 7, No. 1. pp. 111-138.
@article{ed6cab70082148df962823fb73dca9fb,
title = "Authorization translation for XML document transformation",
abstract = "XML access control models proposed in the literature enforce access restrictions directly on the structure and content of an XML document. Therefore access authorization rules (authorizations, for short), which specify access rights of users on information within an XML document, must be revised if they do not match with changed structure of the XML document. In this paper, we present two authorization translation problems. The first is a problem of translating instance-level authorizations for an XML document. The second is a problem of translating schema-level authorizations for a collection of XML documents conforming to a DTD. For the first problem, we propose an algorithm that translates instance-level authorizations of a source XML document into those for a transformed XML document by using instance-tree mapping from the transformed document instance to the source document instance. For the second problem, we propose an algorithm that translates value-independent schema-level authorizations of non-recursive source DTD into those for a non-recursive target DTD by using schema-tree mapping from the target DTD to the source DTD. The goal of authorization translation is to preserve authorization equivalence at instance node level of the source document. The XML access control models use path expressions of XPath to locate data in XML documents. We define property of the path expressions (called node-reducible path expressions) that we can transform schema-level authorizations of value-independent type by schema-tree mapping. To compute authorizations on instances of schema elements of the target DTD, we need to identify the schema elements whose instances are located by a node-reducible path expression of a value-independent schema-level authorization. We give an algorithm that carries out path fragment containment test to identify the schema elements whose instances are located by a node-reducible path expression.",
keywords = "Authorizations, Database security, Document transformation, XML access control models, XML documents",
author = "Somchai Chatvichienchai and Mizuho Iwaihara and Yahiko Kambayashi",
year = "2004",
month = "3",
doi = "10.1023/B:WWWJ.0000015867.80713.fc",
language = "English",
volume = "7",
pages = "111--138",
journal = "World Wide Web",
issn = "1386-145X",
publisher = "Springer New York",
number = "1",

}

TY - JOUR

T1 - Authorization translation for XML document transformation

AU - Chatvichienchai, Somchai

AU - Iwaihara, Mizuho

AU - Kambayashi, Yahiko

PY - 2004/3

Y1 - 2004/3

N2 - XML access control models proposed in the literature enforce access restrictions directly on the structure and content of an XML document. Therefore access authorization rules (authorizations, for short), which specify access rights of users on information within an XML document, must be revised if they do not match with changed structure of the XML document. In this paper, we present two authorization translation problems. The first is a problem of translating instance-level authorizations for an XML document. The second is a problem of translating schema-level authorizations for a collection of XML documents conforming to a DTD. For the first problem, we propose an algorithm that translates instance-level authorizations of a source XML document into those for a transformed XML document by using instance-tree mapping from the transformed document instance to the source document instance. For the second problem, we propose an algorithm that translates value-independent schema-level authorizations of non-recursive source DTD into those for a non-recursive target DTD by using schema-tree mapping from the target DTD to the source DTD. The goal of authorization translation is to preserve authorization equivalence at instance node level of the source document. The XML access control models use path expressions of XPath to locate data in XML documents. We define property of the path expressions (called node-reducible path expressions) that we can transform schema-level authorizations of value-independent type by schema-tree mapping. To compute authorizations on instances of schema elements of the target DTD, we need to identify the schema elements whose instances are located by a node-reducible path expression of a value-independent schema-level authorization. We give an algorithm that carries out path fragment containment test to identify the schema elements whose instances are located by a node-reducible path expression.

AB - XML access control models proposed in the literature enforce access restrictions directly on the structure and content of an XML document. Therefore access authorization rules (authorizations, for short), which specify access rights of users on information within an XML document, must be revised if they do not match with changed structure of the XML document. In this paper, we present two authorization translation problems. The first is a problem of translating instance-level authorizations for an XML document. The second is a problem of translating schema-level authorizations for a collection of XML documents conforming to a DTD. For the first problem, we propose an algorithm that translates instance-level authorizations of a source XML document into those for a transformed XML document by using instance-tree mapping from the transformed document instance to the source document instance. For the second problem, we propose an algorithm that translates value-independent schema-level authorizations of non-recursive source DTD into those for a non-recursive target DTD by using schema-tree mapping from the target DTD to the source DTD. The goal of authorization translation is to preserve authorization equivalence at instance node level of the source document. The XML access control models use path expressions of XPath to locate data in XML documents. We define property of the path expressions (called node-reducible path expressions) that we can transform schema-level authorizations of value-independent type by schema-tree mapping. To compute authorizations on instances of schema elements of the target DTD, we need to identify the schema elements whose instances are located by a node-reducible path expression of a value-independent schema-level authorization. We give an algorithm that carries out path fragment containment test to identify the schema elements whose instances are located by a node-reducible path expression.

KW - Authorizations

KW - Database security

KW - Document transformation

KW - XML access control models

KW - XML documents

UR - http://www.scopus.com/inward/record.url?scp=3543148442&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=3543148442&partnerID=8YFLogxK

U2 - 10.1023/B:WWWJ.0000015867.80713.fc

DO - 10.1023/B:WWWJ.0000015867.80713.fc

M3 - Article

AN - SCOPUS:3543148442

VL - 7

SP - 111

EP - 138

JO - World Wide Web

JF - World Wide Web

SN - 1386-145X

IS - 1

ER -