RDF-Based XML Access Control Language (RXACL)

In this project we are developing an access control framework that provides flexible security granularity for XML documents. RDF statements are used to represent security objects and to express security policy. The concepts of simple security object and association security object are defined. Our model allows access control to be expressed and enforced on XML trees and their associations. Access control rules, corresponding to (s,o,+_a) triples, are represented as RDF statements with the properties access type, user, and object. A history file is maintained for each user, which allows decisions to be made using temporal data.

We also propose a query-filtering technique that evaluates XML queries to detect disclosure of association-level security objects. A query Q discloses a security object o iff the (tree) automaton corresponding to o accepts Q. We show that our schema-level method detects all possible disclosures, i.e., it is complete.

Publications: