Abstract
The remarkable growth of the World Wide Web in recent years has made it possible to distribute information to users in the form of an unorganized and unstructured collection of documents. While security is an important aspect in such a scenario, access control systems available today result too rigid and limited. We present an approach to specify and enforce access restrictions to Web documents. The approach provides flexible, as it allows to enforce a variety of security policies and requirements at a fine-grained level without affecting the data organization.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35515-3_53
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
XML Path Language (XPath) Version 1.0. World Wide Web Consortium (W3C). http://www.w3.org/TR/PR-xpath19991008.
Bray, T., Paoli, J., and Sperberg-McQueen, C. (1998). Extensible Markup Language (XML) 1.0. World Wide Web Consortium (W3C). http://www.w3.org/TR/REC-xml.
Buneman, P. (1997). Semistructured Data. In 1997 Symposium on Principles of Database Systems (PODS97), pages 117–121, Tucson, Arizona.
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., and Samarati, P. (2000). Securing XML Documents. In VII Conference on Extending Database Technology (EDBT2000),Konstanz, Germany.
Goldman, R., McHugh, J., and Widom, J. (1999). From Semistructured Data to XML: Migrating the Lore Data Model and Query Language. In Proc. of the 2nd International Workshop on the Web and Databases (WebDB ‘89),Philadelphia, Pennsylvania.
Jajodia, S., Samarati, P., and Subrahmanian, V. (1997). A Logical Language for Expressing Authorizations. In Proc. of the IEEE Symposium on Security and Privacy, pages 31–42, Oakland, CA.
Lunt, T. (1989). Access Control Policies for Database Systems. In Landwehr, C., editor, Database Security, II: Status and Prospects, pages 41–52. North-Holland, Amsterdam.
Papakonstantinou, Y., Garcia-Molina, H., and Widom, J. (1995). Object Exchange Across Heterogeneous Information Sources. In ICDE, pages 251–260, Taipei, Taiwan.
Rescher, N. (1969). Many Valued Logics. Mc Graw-Hill, New York.
Samarati, P., Bertino, E., and Jajodia, S. (1996). An Authorization Model for a Distributed Hypertext System. IEEE Transactions on Knowledge and Data Engineering, 8 (4): 555–562.
Siméon, J. and Smaga, K. (1998). Your Mediators Need Data Conversion! In Proc. of the ACM SIGMOD’98 International Conference on Management of Data,Seattle, Washington.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 IFIP International Federation for Information Processing
About this paper
Cite this paper
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P. (2000). Regulating Access to Semistructured Information on the Web. In: Qing, S., Eloff, J.H.P. (eds) Information Security for Global Information Infrastructures. SEC 2000. IFIP — The International Federation for Information Processing, vol 47. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35515-3_36
Download citation
DOI: https://doi.org/10.1007/978-0-387-35515-3_36
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5479-7
Online ISBN: 978-0-387-35515-3
eBook Packages: Springer Book Archive