A Flexible Framework for Architecting XML Access Control Enforcement Mechanisms

Abstract. Due to the growing interest in XML security, various access control schemes have been proposed recently. However, little effort has been put forth to facilitate a uniform analysis and comparison of these schemes under the same framework. This paper presents a first attempt toward a flexible framework that can capture the design principles and operations of existing XML access control mechanisms. Under this framework, we observe that most existing XML access control mechanisms share the same design principle with slightly different orderings of underlying building blocks (i.e., data, query, and access control rule). Furthermore, according to the framework, we identify four plausible approaches to implement XML access controls, namely built-in, view-based, pre-processing and post-processing. Finally, we compare the actual performance of different approaches.