Privilege Algebra for Access Control in Digital Libraries

has become an important source of information. XML has been proposed as a way to encode information organized in digital libraries. In some cases, access to information needs to be controlled to prevent unauthorized access or update. As the number of users of a digital library can be enormous, it has been proposed that credentials, rather than user identifiers, be used to control access. Determining the roles, for a user, is shown to be equivalent to performing a partial-match query on credentials. The roles, credentials, and privileges are modelled according to RBAC (role-based access control), and so given a user’s roles, a number of privileges are determined. As privileges may be complex, and as many roles may be associated with any one user, privileges may appear to conflict. We propose in this paper a privilege algebra for evaluating privileg