Access Control in XML Repositories Using a Role-Based Approach

Abstract

Nowadays, more and more Internet and Web applications store data in XML documents, which are more structured than unstructured plain text files. Administrators of an XML repository want to control the accessibility of both an XML file and an element within an XML file. However, traditional access control methods do not consult the semi-structure characteristics of XML documents. In view of this, this work proposes Integrated Role-based and XML document Access Control (IRXAC), which encompasses the Role Based Access Control phase and the XML Document Access Control phase, as a solution of access control on an XML repository. The former phase performs file-level access control and decides the accessibility of an XML file. The latter phase performs element-level access control and decides the accessibility of an element. Besides the details of IRXAC, the comparisons of IRXAC with other access control methods are shown.