XML is becoming the prominent standard for the representation and exchange of Web data. As the number of users who are publishing and exchanging their data over the Internet is continuously increasing, it is important to control access to XML content of a sensitive nature. In this talk I am going to focus on the work I have done on the following subjects: (1) formalization of the semantics of access control models for read and update operations and (2) specification and efficient enforcement of access control policies for update operations.
In the first part of the talk I will discuss the formalization of the semantics of access control policies. State-of-the-art approaches to XML access control often use ambiguous natural-language descriptions to specify the meaning of an access control policy. I will present a solution that makes use of XPath 1.0 for specifying the semantics of access policies for both read and update operations.
In the second part of the talk I will present the XML Access Control specification language for Update operations (XACU). The update operations in XACU are based on the operations introduced in the W3C XQuery Update Facility Document. I will discuss our approach to efficiently enforcing access control statically, without accessing the database, by employing tools such as XPath intersection and containment.
Irini Fundulaki is a research fellow in the Database Group of the University of Edinburgh. Prior to that she was a member of Technical Staff at the Network Data and Services Research Department at Bell Laboratories, Lucent Technologies. She received her Ph.D. in Computer Science from the Conservatoire National des Arts et Métiers in Paris in January 2003. During her Ph.D. she was a member of the Verso Database group at INRIA-Rocquencourt.
Her research interests include XML data management with a focus on security and access control, personalization of XML full-text queries, and data integration.