FINE-GRAINED, LABEL-BASED, XML ACCESS CONTROL MODEL
First Claim
1. A computer program product comprising a computer readable medium having:
- computer usable program code executable to perform operations to control access to an XML document comprising a plurality of nodes and a plurality of paths between each of the nodes, the operations of the computer program product comprising;
referencing a schema definition comprising a path security label definition associated with a sibling-to-sibling path of an XML document;
receiving an XML document to be validated by comparison with the schema definition;
comparing the XML document to the schema definition;
verifying that the XML document has a path security label associated with a sibling-to-sibling path that is at least as restrictive as that specified by the path security label definition of the schema definition for the nodes associated with the sibling-to-sibling path;
determining an access security label assigned to a user seeking to access the sibling-to-sibling path protected by the path security label;
comparing, using pre-determined access rules, the path security label to the access security label to determine whether the user is authorized to access the sibling-to-sibling path; and
controlling access to the sibling-to-sibling path in accordance with the access rules.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for controlling access to an XML document includes referencing a schema definition comprising a path security label definition associated with a sibling-to-sibling path of an XML document. An XML document may then be validated by comparing it with the schema definition. This validation may include verifying that the XML document has a path security label associated with a sibling-to-sibling path that is at least as restrictive as that specified by the path security label definition. An access security label may be assigned to a user seeking to access the sibling-to-sibling path. The path security label and the access security label may then be compared, using pre-determined access rules, to determine whether the user is authorized to access the sibling-to-sibling path. Access to the sibling-to-sibling path may then be granted or denied according to the access rules.
-
Citations
8 Claims
-
1. A computer program product comprising a computer readable medium having:
- computer usable program code executable to perform operations to control access to an XML document comprising a plurality of nodes and a plurality of paths between each of the nodes, the operations of the computer program product comprising;
referencing a schema definition comprising a path security label definition associated with a sibling-to-sibling path of an XML document; receiving an XML document to be validated by comparison with the schema definition; comparing the XML document to the schema definition; verifying that the XML document has a path security label associated with a sibling-to-sibling path that is at least as restrictive as that specified by the path security label definition of the schema definition for the nodes associated with the sibling-to-sibling path; determining an access security label assigned to a user seeking to access the sibling-to-sibling path protected by the path security label; comparing, using pre-determined access rules, the path security label to the access security label to determine whether the user is authorized to access the sibling-to-sibling path; and controlling access to the sibling-to-sibling path in accordance with the access rules. - View Dependent Claims (2, 3, 4)
- computer usable program code executable to perform operations to control access to an XML document comprising a plurality of nodes and a plurality of paths between each of the nodes, the operations of the computer program product comprising;
-
5. A computer program product to control access to an XML document comprising a plurality of nodes and a plurality of paths between each of the nodes, the computer program product comprising a computer-readable medium storing a program of computer-readable instruction that when executed on a computer causes the computer to:
-
generate a schema definition comprising a path security label definition associated with a sibling-to-sibling path of an XML document; receive an XML document to be validated by comparison with the schema definition; compare the XML document to the schema definition; verify that the XML document has a path security label associated with a sibling-to-sibling path that is at least as restrictive as that specified by the path security label definition; assign an access security label to a user seeking to access the sibling-to-sibling path protected by the path security label; compare, using pre-determined access rules, the path security label to the access security label to determine whether the user is authorized to access the sibling-to-sibling path; and control access to the sibling-to-sibling path in accordance with the access rules. - View Dependent Claims (6, 7, 8)
-
Specification