Realizing fine-granular Read andWrite Rights on Tree Structured Documents

Partial encryption of contents in tree structured documents like XML allows to define a fine-granular local access control on nodes for different users: depending on the read permissions a user gets keys and can decrypt encrypted document parts. However, this approach leads to a management of countless keys. The main goal of the presented key management scheme is to reduce the effort for the key management in tree structured documents in order to achieve a simple key retrieval. In contrast to existing approaches, write permissions are introduced allowing only authorized users valid write operations in such documents. To reduce the key storage, a derivation of read permissions from write permissions is presented, while read permissions and write permissions are inherited from parent nodes. Among read and write permissions, rights for structural modifications are included to guarantee the authenticity of such documents. Additionally the problem of key transmission, the evaluation of data overhead for a realization of this scheme, and security aspects are discussed