Author-X: A Java-Based System for XML Data Protection

XML (eXtensible Markup Language) has recently emerged as the most relevant standardization eort in the area of markup languages, and it is increasingly used as the language for information exchange over Web. In this context, developing an access control mechanism in terms of XML is an important step for Web information security. In this paper, we present Author-X , a Java-based system for access control to XML documents. Author-X implements a discretionary access control model speciically tailored to the characteristics of XML documents. In particular, Author-X allows (i) a set-oriented and document-oriented protection, by supporting authorizations both at document t ype level and document l e v ell (ii) a diierentiated protection of document/document t ype contents by supporting multi-granularity protection objects and positive/negative authorizationss (iii) a controlled propagation of authorizations among protection objects, by enforcing multiple propagation options. The overall architecture of Author-X is described. Implementation issues and choices of Author-X are discussed, with respect to the XML authorization base and access control. A practical application of Author-X to the protection of a real XML source is provided.