A Purpose Based Access Control in XML Databases System

With the growing importance of privacy in data access, much research has been done on the privacy protecting technology in recent years. Developing an access control model and related mechanisms to support a selective access data become important. The extensible markup language (XML) is rapidly emerging as the new standard language for semi-structured data representation and exchange on the Internet. And now more and more information is distributed in XML format. In this article, we present a comprehensive approach for privacy preserving access control based on the notion of purpose. In our model, purpose information associated with a given data elements in an XML document specifies the intended use of the data elements. An important issue addressed in this article is the granularity of data labeling for data elements in XML documents and tree databases with which purposes can be associated. We address this issue in XML databases and propose different labeling schemes for XML documents. We also propose an approach to represent purpose information to support access control based on purpose information. Our proposed solution relies on usage access control (UAC) models as well as the components which based on the notions of the purpose information used in subjects and objects. Finally, comparisons with related works are analysed.