整合改良式以角色為基礎之存取控制與XML文件控制於XML文件庫

Abstract

隨著網際網路的快速成長，有越來越多的應用程式或網頁環境使用XML文件來儲存資料，但是由於XML具有和一般文件不同的特性，所以我們需要一個新的方式來處理XML文件庫的存取控制。但根據我們的研究調查，目前並沒有一個好的解決方式。 XML文件庫中儲存有數量龐大的文件，且XML文件比起一般的純文字文件較具有結構性而XML文件庫管理者可能會限制使用者只能存取XML文件中的某些元素(Element)。有鑑於此，本論文提出了IRXAC (Integrated Role based and XML document Access Control)，以作為妥善處理XML文件庫存取控制的方法。IRXAC包含了Role Based Access Control Phase及XML Document Access Control Phase。Role Based Access Control Phase乃從RBAC (Role Based Access Control) /GRBAC (Generalized Role Based Access Control，為一RBAC的相關研究)改良而來，可以對檔案系統做良好的存取控制。XML Document Access Control Phase是改良自XML文件存取控制，可以針對XML文件的元素做存取控制。

With the rapid growth of Internet, more and more Internet and Web applications use XML to store data. Because XML documents are different from normal documents in some aspects, a new method to perform access control on XML repositories is necessary. However, according to our survey, there is no good solution to perform access control on XML repositories. An XML repository stores a vast amount of XML documents. An XML document is more structural than a plain-text file. Furthermore, the administrator of an XML repository may want to control the accessibility of an element within an XML file. In view of this, this thesis proposes IRXAC (Integrated Role based and XML document Access Control), which encompasses the Role Based Access Control Phase and the XML Document Access Control Phase, as a solution of access control on XML repositories. The Role Based Access Control Phase, which is modified from RBAC (Role Based Access Control) / GRBAC (Generalized Role Based Access Control, an extension of RBAC), performs the file-level access control. The XML Document Access Control Phase, which is modified from XML document access control models, performs the element-level access control.