- From: Ernesto Damiani <edamiani@telnetwork.it>
- Date: Thu, 10 Aug 2000 10:59:04 +0200
- To: "Ed Simon" <ed.simon@entrust.com>, <KUDO@jp.ibm.com>, <samarati@dsi.unimi.it>, <donna@v1.wustl.edu>, <reagle@w3.org>, <Malte.Borcherding@brokat.com>, <emiller@oclc.org>, <a.zisman@soi.city.ac.uk>
- Cc: <xml-encryption@w3.org>
- Message-ID: <006c01c002a9$58f42de0$472414c2@it.telnetwork.it>
RE: XML Encryption strawman proposalDear all,
A couple of weeks ago I posted a document (reproduced below in an amended version: I took the liberty of pasting in Kudo's comments and references that were posted to the list via a separate message) proposing some pre-standardization activity in the field of XML Access Control. I believe the next step could be discussing the possibility of a W3C Briefing Package/Proposal for a W3C working group on this subject. Standardization activity on access control to semi-structured data is not unheard of: thanks to Donna Hanlon, I discovered that some provisions for access control are part of the ISO 10744 (HyTime) specification. Perhaps we could follow the example of what was recently done for the XML encryption activity and plan an informal meeting after some conference or event. Let me know if you are interested.
It would be nice to arrive at that meeting with a new "manifesto" jointly authored by all those interested. What about doing this via e-mail (and posting the result to the list in due time) ?.
Comments, as well as pointers to additional literature, are welcome.
Regards
Ernesto
Below is our argument why there needs to be both research and standardization of XML/RDF security technologies. If you are interested,
please contact us and join us in proposing a IETF BoF and/or a W3C Workshop.
XML fine-grained access control: a manifesto
1. Introduction
Born as a SGML-like standard for defining the structure and semantics of Web documents, XML is now being used as a general-purpose information interchange format in practically every application field of information technology. To name but a few, XML schemata and documents are being used by the database industry as a semi-structured format for datasource integration, by software engineers as a system description language (XMI/UXF), by architects of distributed systems as a lightweight technique for the invocation of remote services (e.g., SOAP) or as an agent communication language, by multimedia experts to specify both temporal and spatial synchronization of multimedia content (SMIL).
Though different from one another, all these application fields share the need to define access and usage policies at the granularity of XML
subtrees, from whole documents to single elements and attributes
2. Expressing Access Control Policies in XML
Our recent research work (some references are given below) has been led by the idea of using XML's own capabilities to specify such policies and to define their enforcement in terms of XML-based computations, taking advantage whenever possible of XML companion technologies such as DOM, SAX and XSL.
Using XML to express access and usage policies allows for naturally expressing such policies corporation-wide (associating a policy to an XML schema) and site-wide (associating a policy to a single XML document). In both cases, policies define access and usage permission at the granularity of XML elements and attributes.
Physically, access control policies are XML documents linked to the data they refer to via external XML links. Like usual metadata, access and usage policies expressed this way are both machine and human-readable; moreover, they can be transferred together with data, and processed via standard enforcement engines. Our prototype enforcement engine, XACP (XML Access Control Processor) was designed with this perspective in mind.
3. The Brokerage Problem
Controlled dissemination of information is at the basis of many current Web applications, where content providers supply information to be
redistributed by value-added brokers or resellers. Often, this scenario requires the content provider to make sure that specific access control policies are enforced by the reseller/broker. Allowing for a standard way of distributing such policies together with data, XML may pave the way to an interoperable, efficient solution of this problem.
4. Request for Comments
Several research groups from both academia and industry are now investigating problems related to XML and access control (notably, IBM Tokyo Research labs and Microsoft Research). Here is a statement by Michiharu Kudo of IBM Tokyo Research Labs, posted to the W3C mailing list:
"The team in Tokyo Research Lab has been interested and involved in several aspects of XML security such as digital signature, element-wise encryption, and access control on XML document as well. Someone may say that standardization for digital signature and encryption on XML is more essential compared to that of XML access control. However, it is often the case that an XML document such as an e-contract contains multi-level security information and the access to that document must be controlled: e.g. sub-portion of the original XML may have a digital signature that must be protected from the anonymous read access. Or when the access comes from the specific department, access is allowed but access must be logged. For these purposes, it is nice to have a fine-grained access control policy specification language for XML document, and also reasonable to provide such a language defined in XML. Thus the team in Tokyo Research Lab designed XACL (XML Access Control specification Language) and implemented a prototype system for e-commerce applications. However, there could be various language definitions, while they have many issues that could be shared in common. Thus I think that it is very good to propose this to some standardization unit as a first step".
In our opinion, too, early standardization will be critical for the practical impact of this work. We believe that discussion and exchange of ideas via the W3C list and, possibly, holding a W3C workshop on this subject could make future standardization easier. Some of the possible discussion topics are listed below:
1. Characteristics and expressive power of an XML based language for access control
2. Genericity of the language w.r.t. security models
3. Are Access Control Policies Metadata ? the role of RDF
4. SAX, DOM or XSL based enforcement engines
5. Performance and scalability of XML-based access control.
We hope this message will stimulate discussion among researchers on these and related topics.
References:
E: Damiani, S. De Capitani di Vimercati, S. Paraboschi, P. Samarati
"Securing XML Documents"
Proc. of EDBT 2000, Konstanz, Germany, March 2000. Lecture Notes in Computer Science 1777
E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, P. Samarati
"Design and Implementation of an Access Control Processor for XML Documents"
Computer Networks 2307/Proc. of WWW 9, Amsterdam, The Netherlands, May 2000
E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, P. Samarati
"XML Access Control Systems: A Component-Based Approach"
Proc. of the 14th IFIP 11.3 Working Conference in Database Security, Amsterdam, The Netherlands, August 2000
M. Kudo, S. Hada, "XML Document Security and e-Business Applications,"
7th ACM Conference on Computer and Communication Security, Nov. 2000.
Received on Thursday, 10 August 2000 05:13:08 UTC