XML Secure Views Using Semantic Access Control

摘要

The OASIS extensible Access Control Language (XACML) provides an interoperable tool for writing and enforcing access control policies based on attributes, I.e. characteristics of the entities that take part to the access, such as subjects or actions. Unfortunately, the attribute based approach starts to show its limits when entities exhibit complex relationships, such as semantic relations, which would be easily captured using ontologies instead of attributes. This paper integrates the XACML attribute model with an OWL ontology and describes a practical privacy filtering application able to filter out information from XML documents, according to a set of XACML semantic privacy policies.