Method and apparatus for secure processing of XML-based documents
Abstract
Method for providing controlled access to an XML document includes defining at least one access control policy for a user of the XML document, deriving a security view of the XML document for the user based upon said access control policy and schema level processing of the XML document and translating a user query based on the security view of the XML document to an equivalent query based on the XML document. An apparatus for same includes means for defining an access control policy for a user of the XML document and means for deriving a security view of the XML document for the user based on said access control policy and schema level processing of the XML document. Also included are means for translating a user query based on the security view of the XML document to an equivalent query based on the XML document.
13 Claims
1. A method for securely providing access to Extensible Markup Language (XML) data of an XML document comprising:
- Defining at least one access control policy for at least one user of the XML document; and
- Deriving a security view of a Document Type Definition (DTD) of the XML document for the schema level processing employs at least one internal query annotation, made to the DTD, describing the access control policy, wherein the security view is computed as a function of a DTD view and a function defined via Xpath queries, wherein the step of deriving a security view further comprises invoking, if a first accessible element type of the DTD has not been previously processed, a first sub process that includes;
  - Computing a query annotation for each child element in a production rule of the first accessible element type;
  - Computing a view production rule for the first accessible element type in a view DTD representing an accessible portion of the XML document; and
  - Computing a security view for each child element in the production rule of the first accessible element type.
Dependent claims: 2, 3, 4, 5, 6, 7
8. Apparatus for performing an operation of securely providing access to Extensible Markup Language (XML) data of an XML document comprising:
- means for defining at least one access control policy for at least one user of the XML document; and
- means for deriving a security view of a Document Type Definition (DTD) of the XML document for the schema level processing employs at least one internal query annotation, made to the DTD, describing the access control policy, wherein the security view is computed as a function of a DTD view and a function defined via Xpath queries, wherein the step of deriving a security view further comprises invoking, if a first accessible element type of the DTD has not been previously processed, a first sub process that includes;
  - Computing a query annotation for each child element in a production rule of the first accessible element type;
  - Computing a view production rule for the first accessible element type in a view DTD representing an accessible portion of the XML document; and
  - Computing a security view for each child element in the production rule of the first accessible element type.
Dependent claims: 9, 10, 11, 12, 13
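An added sketch of the derivation recited in claim 1 and the query translation described in the abstract; it is not code from the patent. The sample DTD, the policy, the Y / N / qualifier annotation syntax and all function names are assumptions, and content-model operators and non-child XPath axes are left out.

```python
# Constructed sample DTD: element type -> child element types.
DTD = {"hospital": ["patient"], "patient": ["name", "ward", "record"],
       "record": ["diagnosis", "treatment"],
       "name": [], "ward": [], "diagnosis": [], "treatment": []}
# Constructed policy: (parent, child) -> "Y", "N" or an XPath qualifier.
# Edges without an entry inherit the accessibility of the parent.
ANN = {("hospital", "patient"): "[ward='east']",
       ("patient", "record"): "N", ("record", "treatment"): "Y"}

def hidden_paths(elem, prefix, ann, dtd, seen=()):
    """Accessible descendants reachable through the inaccessible `elem`."""
    out = []
    for child in dtd[elem]:
        a = ann.get((elem, child), "N")       # inherits "hidden" from elem
        path = f"{prefix}/{child}"
        if a == "N":
            if child not in seen:             # guard against recursive DTDs
                out += hidden_paths(child, path, ann, dtd, seen + (elem,))
        else:
            out.append((child, path if a == "Y" else path + a))
    return out

def derive_view(root, ann, dtd):
    """Return (view DTD, sigma); sigma maps a view edge to a document XPath."""
    view, sigma, todo = {}, {}, [root]
    while todo:
        elem = todo.pop()
        if elem in view:                      # element type already processed
            continue
        view[elem] = []                       # view production rule for elem
        for child in dtd[elem]:
            a = ann.get((elem, child), "Y")   # inherits "accessible" from elem
            edges = (hidden_paths(child, child, ann, dtd) if a == "N"
                     else [(child, child if a == "Y" else child + a)])
            for name, xpath in edges:
                view[elem].append(name)
                sigma[(elem, name)] = xpath   # query annotation for the child
                todo.append(name)             # derive the child's view later
    return view, sigma

def rewrite(view_query, sigma):
    """Translate a child-axis path over the view into a document path."""
    steps = view_query.strip("/").split("/")
    # A KeyError here means the step names an edge that is not in the view.
    out = [steps[0]] + [sigma[(p, c)] for p, c in zip(steps, steps[1:])]
    return "/" + "/".join(out)
```

The user only ever sees the view DTD, so `record` and `diagnosis` are not nameable in a query; a path that mentions them fails in `rewrite` instead of reaching the document.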
Specification