17th Annual Computer Security Applications Conference
December 10-14, 2001
New Orleans, Louisiana

A Component-based Architecture for Secure Data Publication

Piero Bonatti, Ernesto Damiani, Pierangela Samarati
University of Milan

Sabrina De Capitani di Vimercati
University of Brescia

We present an approach for controlling access to data publishers in the framework of Web-based information services. The paper presents a model for enforcing access control regulations, an XML core schema and namespace for expressing such regulations, and illustrate the architecture of Access Control Unit (ACU), an autonomous software component based on the proposed model. Besides ``standard'' authorizations, the ACU supports authorizations based on user profiles and dynamic conditions whose outcome is determined by user actions such as the acceptance of a written agreement and/or payment.

Keywords: access control, selective data dissemination, profile-based regulations, use-based regulations, XML

Read Paper Read Paper (in PDF)