[February 10, 2001] The IBM Tokyo Research Laboratory has several development projects in the area of XML security, including SOAP Security Extensions, a Java-based XML Security Suite, and an XML Access Control Language. The XML Security Suite distributed through the IBM alphaWorks lab "provides security features such as digital signature, element-wise encryption, and access control to Internet business-to-business transactions." The recent update of this suite [2001-01-29] offers an improved API document for XACL, along with better KeyInfo handling of XML-Signature and a programing how-to guide.
From the proposal: "XML Access Control aims at providing XML documents with a sophisticated access control model and access control specification language. With this access control technology, the access control policies control how an XML document appears. The policies also insure the document is securely updated as specified by the security programmer. Suppose there is an online catalog document written in XML that lists available goods sold on the Internet. Consider an access control policy such that only premium members can view the special discount price information in the document. When a regular member views the catalog, any information provided for the premium members should be hidden. XML access control is capable of specifying such fine-grained access control policies for XML documents."
From the specification: "We propose an XML-based language to specify security policies to be enforced on specific accesses to XML documents. We call it the XML Access Control Language (XACL). It provides XML with a sophisticated access control mechanism that enables the initiator not only to securely browse XML documents but also to securely update each document element. Similar to existing policy languages, XACL is used to specify an object-subject-action-condition oriented policy in the context of a particular XML document. The notion of subject comprises identity, group, and role. The granularity of object is as fine as single elements within the document. Currently, there are four possible actions (read, write, create and delete), but the structure of the language is not limited to these. XACL is based on a provisional authorization model [3 references], where we can specify provisional actions associated with a primitive action (read, write, create, or delete). Almost all studies in access control and authorization systems have assumed the following model: "a user makes an access request of a system in some context, and the system either authorizes the access request or denies it." In the provisional authorization model, the answer from the system is not simply "grant" or "deny." It tells the user that his request will be authorized provided he (and the system) takes certain actions or that his request is denied but the system must still take certain actions. Such actions are called provisional actions. Examples of provisional actions include auditing, digital signature verification, encryption, and XSL transformations in addition to write, create and delete actions. These provisional actions enable us to specify policies such as the following: (1) A user is authorized to access confidential information, but the access must be logged. (2) A user is authorized to read sensitive information, but must sign a terms and conditions statement first. (3) If unauthorized access is detected, a warning message must be sent to an administrator. In the existing access control mechanisms, these provisional actions are all hard coded within applications, but in the provisional authorization system, they can be processed by the policy enforcement module, but not by applications..."
"XML Access Control aims at providing XML documents with a sophisticated access control model and fine-grained access control specification language. With this access control technology, the access control policies control how an XML document appears. The policies also insure the document is securely updated as specified by the security programmer. We have developed XML Access Control Language (XACL) processor and it is available from the following link. The XACL processor enables you to specify and execute fine-grained and complex authorization policies such as element-wise authorization, sub-tree-wise authorization, temporal authorization, data-dependent authorization, context-dependent authorization, history-dependent authorization, authorization based on open-policy, authorization based on closed-policy, etc. XACL implementation is available as part of the XML Security Suite."
"The XML Access Control Language (XACL) is centered around a subject-privilege-object oriented security model in the context of a particular XML document. This means, by writing rules in XACL a policy author is able to define who can exercise what access privileges on a particular XML document. The notion of subject comprises identity and role, with identity possibly including information about group or organization membership. The granularity of object is as fine as single elements within this document. The set of possible privileges currently consists of five types (read, write, create, delete, clone), but is not limited to these. In addition to subject, privilege and object, a condition can be added to the rule. By specifying enforcement conditions, temporal conditions and data-dependent conditions, more flexible rules can be written... Conceptually, our XML document consists of two parts: contents and policy. Here is a simple example of bid submission document. The policy written in XACL contains three rules: (1) Alice has read and write privilege on the contents element. (2) Bob has only read privilege on the contents element. (3) By default, other users have no privilege on the contents element..."
References:
XACL Authoring Environment. "Our XACL authoring environment consists of a policy editor and a visual test tool. The policy editor, a customized XML editor, provides advanced support for writing XACL rules. The visual test tool enables the policy author to query a policy. Queries can easily be composed and passed on as access requests to the XACL Processor. The processor's decisions are then visualized on a tree view of the underlying XML document, using for example icons to symbolize different access privileges and color coded node labels for access decisions. The tools are fully implemented in Java... The policy editor builds a palette containing the elements defined in the DTD of the XACL policy. Users can thus create and edit any element derived from that DTD, by using a visual tree-directed paradigm..."
XML Access Control: Proposal. By Michiharu Kudo and Satoshi Hada. October 24, 2000.
"XML Access Control Language: Provisional Authorization for XML Documents." By Satoshi Hada and Michiharu Kudo (Tokyo Research Laboratory, IBM Research). October 16, 2000. "This document specifies syntax and semantics of XML access control language (XACL)." [cache]
[April 24, 2001] "OASIS Forms Technical Committee to Standardize Security Access Control with XML. Interoperability Consortium to Develop XACML." - "OASIS, the XML interoperability consortium, announced the formation of a new technical committee to standardize security access control using XML. The new OASIS eXtensible Access Control Markup Language (XACML) Technical Committee will define an XML specification for expressing policies for information access over the Internet. XACML will define the representation for rules that specify the who, what, when and how of information access, explained Simon Y. Blackwell of Psoom, chair of the OASIS XACML Technical Committee. Access control, which is often called "rights management" or "entitlement management," determines who can look at something, what they can do with it, the type of device they can look at it on, etc.' Said Karl Best, OASIS director of technical operations: 'Security is a very broad area for XML development -- there are many aspects of security that interrelate. This new OASIS XACML Technical Committee will work in parallel with the existing OASIS Security Services group, which is concerned primarily with authorization and authentication issues. Both technical committees are committed to coordinating their efforts with each other and with other security initiatives in progress.' Global and inclusive in scope, XACML will bring together and build on access control specification work already under way worldwide, including XACL from IBM in Japan and XML-AC from the Department of Information Technology at the University of Milan, Italy. Initial members of the OASIS XACML Technical Committee include OASIS sponsors, Baltimore Technologies, CrossLogix, Hewlett-Packard, IBM, Jamcracker, Oblix, Reuters, Sun Microsystems and webMethods. Other companies and individuals are encouraged to participate in the XACML work by joining OASIS."
XACL in the IBM XML Security Suite: "XML Access Control aims at providing XML documents with a sophisticated access control model and access control specification language. With this access control technology, the access control policies control how an XML document appears. The policies also insure the document is securely updated as specified by the security programmer." See 'Package com.ibm.xml.policy.xacl'. See also: the README document in the XML Security Suite application.
[August 10, 2000] "XML Document Security and e-Business Applications." [Alternate title: "XML Document Security based on Provisional Authorization."] By Michiharu Kudo (Tokyo Research Laboratory, IBM Japan Ltd.) and S. Hada. Paper to be presented at CCS 2000: [7th ACM Conference on Computer and Communication Security 2000, November 1-4, 2000, Athens, Greece. Note in this connection the comments by Michiharu Kudo on the W3C XML Encryption discussion list: "The idea of XML fine-grained access control is very interesting. Our team in Tokyo Research Lab has been interested and involved in several aspects of XML security such as digital signature, element-wise encryption, and access control on XML document as well. Someone may say that standardizationfor digital signature and encryption on XML is more essential compared to that of XML access control. Yes, however, it is often the case that the XML document such as e-contract contains multi-level security information and the access to that document must be controlled e.g., sub-portion of the original XML may have a digital signature that must be protected from the anonymous read access. Or when the access comes from the specific department, access is allowed but access must be logged. For these purposes, it is nice to have a fine-grained access control policy specification language for XML document, and also reasonable to provide such alanguage defined in XML. Thus we designed XACL (XML Access Control specification Language) and implemented a prototype system for e-commerce applications. However, there could be various language definitions, while they have many issues that could be shared in common. Thus I think that it is very good to propose this to some standardization unit as a first step."
"Access Control Model with Provisional Actions." By M. Kudo and S. Hada. To appear in IEICE Trans. Fundamentals, Vol. E84-A, No. 1, 2001.
"Provisional Authorization." By S. Jajodia, M. Kudo, and V. S. Subrahmanian. To appear in Workshop on Security and Privacy in E-Commerce (WSPEC), November 2000.
Contact: Michiharu Kudo
[February 10, 2001] Pending standards work: Note in this connection that discussion has been held on the OASIS Security list about a possible technical committee "focused on security related specifications orthogonal to the efforts of the XML-Based Security Services TC. Whereas XML-Based Security Services exists to define an XML framework for exchanging authentication and authorization information, XACML [Extensible Access Control Markup Language] is concerned with the representation of access control policies as XML and the application of these policies to XML documents..." Provisional participants: Ernesto Damiani [Discussion Leader], Pierangela Samarati, Simon Y. Blackwell, and Frank Chum.
See also: "Design and Implementation of an Access Control Processor for XML Documents." By Ernesto Damiani, Sabrina De Capitani di Vimercati, Stefano Paraboschi, and Pierangela Samarati. Presented at WWW9. "More and more information is distributed in XML format, both on corporate Intranets and on the global Net. In this paper an Access Control System for XML is described allowing for definition and enforcement of access restrictions directly on the structure and content of XML documents, thus providing a simple and effective way for users to protect information at the same granularity level provided by the language itself..."
See also: "XML Encryption and Access Control. A comparison and a 2nd encryption model. Draft 29.10.2000. From Christian Geuer-Pollmann (Institute for Data Communications Systems, University of Siegen). Prepared for the W3C XML Encryption Workshop. "...ideas about how XML Encryption and the rich functionality of server-based XML Access Control could be brought together within a single model." [cache]
Related work:
