The Research And Application Of Access Control Model Based On XML

XML is a markup language brought up by W3C and it has become the factual standard of data exchange over internet for its platform and network independence. Its security has increasingly got people's attentions along with more and more data being stored in XML. Access Control is one of effective method to insure the security of data. Different from the traditional file system which implements access control in file level, we must protect the XML data in element and attribute level. This paper carries through a study on XML data oriented Access Control in order to achieve an applied model. The main tasks, as follows:First, a few technologies which are correlative with XML are introduced, such as XPath,DOM,XSL. Then we recommend three Access Control Policies, for example DAC,MAC and RBAC.Second, we extend the RBAC96 model based on the Police Station System and classify the stored data. The ideas of Positional Role, Provisional Role, Abstract Role and Global Role are put forward and the exact definitions of each concept are also advanced. At last, a new Access Control Model, DR-RBAC (Double Roles-Role based Access Control Model), is constructed.Third, the expression of each entity in DR-RBAC Model is exhaustively described in XML. What have been studied also include Permission Propagation, Access Type, Access Control Policy, Restriction and so on. We definite two different policies based on the diversity of request for security. The Positional Policy is defined normatively. But in order to satisfy the agile request, we definite the Provisional Policy by four simplified authorization templates. Through the import of time element in Abstract Roles-Global Roles Mapping Collection, policies are more precisely granted to Abstract Roles.At last, based on the DR-RBAC model, the design of XOACS (XML Oriented Access Control System) is given. The basic framework of the system is also given. The functions of each subsystem and some key arithmetic are fully described. At last, we give out a whole access control flow.