XML Access Control for Semantically Related XML Documents

Vijay Parmar and Hongchi Shi
Department of Computer Engineering & Computer Science
University of Missouri-Columbia
Columbia, MO 65211, USA
vnp9b1@mizzou.edu, shi@cecs.missouri.edu

Su-Shing Chen
Department of Computer & Information Science & Engineering
University of Florida
Gainesville, FL 32611, USA
suchen@cise.ufl.edu

Abstract

The extensible markup language (XML) is a standard for describing information on the Internet and is quickly becoming the most preferred way to store and exchange information. The need to provide controlled access to such information is imminent. In this paper, we present an access control mechanism for a collection of semantically related XML documents, such as a collection of user records in XML for a distributed information system, where the existing XML access control mechanisms are not easily applicable.

1. Introduction

The extensible markup language (XML) is a standard for describing information to be stored and exchanged on the Internet. There is an imminent need to provide controlled access to such information. In this paper, we present an access control policy and mechanism for a collection of semantically related XML documents. Our access control mechanism has the following features: (i) it is developed for XML documents semantically related to one another; (ii) access control conditions can be specified based on the content of the documents; and (iii) access control is role-based.

In the collection of semantically related XML documents for which we develop an access control mechanism, we assume that each XML document resembles an entity playing a certain role, and each entity has certain relationships with other entities (XML documents) in the collection. An example is a collection of records (XML documents) for users of different roles in a distributed information system. It is not always necessary that the target XML document name be known prior to access.
In fact, the target document names should be hidden, and the access requester should only know about the content, so as not to accidentally reveal the identity of the entity playing a particular role. An access request may result in data coming from more than one document in the collection. Since the XML documents have relationships, each entity playing a particular role can have access to other entities playing a different role. For XML documents having such semantic relationships, the currently prevailing access control mechanisms are not easily applicable. As shown in the next section, the related work does not cater to such cases and is not flexible. Our access control mechanism is very flexible and emphasizes placing conditions for access to any part of the document at any granularity.

The rest of this paper is organized as follows. Section 2 gives the related work and discusses the lack of applicability of different approaches for semantically related XML documents. Section 3 presents our way to specify access control policies, discussing policy and condition specification in detail. Section 4 describes our access control mechanism and its overall model. Section 5 presents an implementation of our access control mechanism. Section 6 concludes the paper with some remarks.

2. Related Work

Our access control mechanism is related to many of the previously available access control and authorization models [3-6,8,10-12,14,19]. The work by Bertino et al. provides access control over general XML document

Proceedings of the 36th Hawaii International Conference on System Sciences (HICSS’03) 0-7695-1874-5/03 $17.00 © 2002 IEEE