20,602 research outputs found
Trusted-based scalable access control model for broadcast XML documents.
XML language is becoming a de facto standard for representing and transmitting data on the web so controlling access to XML documents is an important issue. Several XML access control approaches have been proposed to control the access of the published XML documents but these approaches still cannot scale well wim increased system and management workload because they specify and enforce their access control policies in centralized servers. We have proposed a distributed XML access control model for that improves the scalability by distributing the system and management workloads into several servers and different administrator, respectively. In this paper, the scalability of the proposed model is evaluated using a quantitative approach that shows that the proposed model is cost-effectively scalable with an increase in system and management workloads
On Fine-Grained Access Control for XML
Fine-grained access control for XML is about controlling access to XML documents at the granularity of individual elements or attributes. This thesis addresses two problems related to XML access controls. The first is efficient, secure evaluation of XPath expressions. We present a technique that secures path expressions by means of query modification, and we show that the query modification algorithm is correct under a language-independent semantics for secure query evaluation. The second problem is to provide a compact, yet useful, representation of the access matrix. Since determining a user's privilege directly from access control policies can be extremely inefficient, materializing the access matrix---the net effect of the access control policies---is a common approach to speed up the authorization decision making. The fine-grained nature of XML access controls, however, makes the space cost of matrix materialization a significant issue. We present a codebook-based technique that records access matrices compactly. Our experimental study shows that the codebook approach exhibits significant space savings over other storage schemes, such as the access control list and the compressed accessibility map. The solutions to the above two problems provide a foundation for the development of an efficient mechanism that enforces fine-grained access controls for XML databases in the cases of query access
Distributed Access Control for Web and Business Processes
Middleware influenced the research community in developing a number of systems for controlling access to distributed resources. Nowadays a new paradigm for the lightweight integration of business resources from different partners is starting to take hold – Web Services and Business Processes for Web Services. Security and access control policies for Web Services protocols and distributed systems are well studied and almost standardized, but there is not yet a comprehensive proposal for an access control architecture for business processes. So, it is worth looking at the available approaches to distributed authorization as a starting point for a better understanding of what they already have and what they still need to address the security challenges for business processes
A General Approach for Securely Querying and Updating XML Data
Over the past years several works have proposed access control models for XML
data where only read-access rights over non-recursive DTDs are considered. A
few amount of works have studied the access rights for updates. In this paper,
we present a general model for specifying access control on XML data in the
presence of update operations of W3C XQuery Update Facility. Our approach for
enforcing such updates specifications is based on the notion of query rewriting
where each update operation defined over arbitrary DTD (recursive or not) is
rewritten to a safe one in order to be evaluated only over XML data which can
be updated by the user. We investigate in the second part of this report the
secure of XML updating in the presence of read-access rights specified by a
security views. For an XML document, a security view represents for each class
of users all and only the parts of the document these users are able to see. We
show that an update operation defined over a security view can cause disclosure
of sensitive data hidden by this view if it is not thoroughly rewritten with
respect to both read and update access rights. Finally, we propose a security
view based approach for securely updating XML in order to preserve the
confidentiality and integrity of XML data.Comment: No. RR-7870 (2012
IVOA Recommendation: IVOA Support Interfaces
This document describes the minimum interface that a (SOAP- or REST-based)
web service requires to participate in the IVOA. Note that this is not required
of standard VO services developed prior to this specification, although uptake
is strongly encouraged on any subsequent revision. All new standard VO
services, however, must feature a VOSI-compliant interface.
This document has been produced by the Grid and Web Services Working Group.
It has been reviewed by IVOA Members and other interested parties, and has been
endorsed by the IVOA Executive Committee as an IVOA Recommendation. It is a
stable document and may be used as reference material or cited as a normative
reference from another document. IVOA's role in making the Recommendation is to
draw attention to the specification and to promote its widespread deployment.
This enhances the functionality and interoperability inside the Astronomical
Community
Repairing Inconsistent XML Write-Access Control Policies
XML access control policies involving updates may contain security flaws,
here called inconsistencies, in which a forbidden operation may be simulated by
performing a sequence of allowed operations. This paper investigates the
problem of deciding whether a policy is consistent, and if not, how its
inconsistencies can be repaired. We consider policies expressed in terms of
annotated DTDs defining which operations are allowed or denied for the XML
trees that are instances of the DTD. We show that consistency is decidable in
PTIME for such policies and that consistent partial policies can be extended to
unique "least-privilege" consistent total policies. We also consider repair
problems based on deleting privileges to restore consistency, show that finding
minimal repairs is NP-complete, and give heuristics for finding repairs.Comment: 25 pages. To appear in Proceedings of DBPL 200
The State-of-the-arts in Focused Search
The continuous influx of various text data on the Web requires search engines to improve their retrieval abilities for more specific information. The need for relevant results to a user’s topic of interest has gone beyond search for domain or type specific documents to more focused result (e.g. document fragments or answers to a query). The introduction of XML provides a format standard for data representation, storage, and exchange. It helps focused search to be carried out at different granularities of a structured document with XML markups. This report aims at reviewing the state-of-the-arts in focused search, particularly techniques for topic-specific document retrieval, passage retrieval, XML retrieval, and entity ranking. It is concluded with highlight of open problems
Information systems models in higher education
This paper intends to contribute to a better understanding of the process through which information resource, information technology, and organisation actors can contribute to the performance and quality of higher education institutions. Conceptual models will be presented and discussed
- …