We propose an access control scheme for developing authorization rules for XML documents, allowing flexible data granularity and authorization propagation. To simplify the complex access control policies in XML, we introduce a new tool: Authorization Policy Sheet (APS). Complex access control rules can be easily described in an APS. The administrator of a system can easily manage the access control of the system. With aid of Data Type Definitions(DTD), the policies given in an APS can be converted into a standard XML code that can be implemented in a normal XML environment.
This article was originally published as Wu, J, Mu, Y, Seberry, J and Ruan, C, Access Policy Sheet for access control in fine-grained XML, Proceedings of The First IFIP workshop on Trusted and Autonomic Ubiquitous and Embedded Systems (TAUES 2005), Nagasaki - Japan, 6-9 December 2005. Also available at Lecture Notes in Computer Science, 3813, 1273-1282. Copyright Springer-Verlag 2005.