Access Control Policy Models for XML.

Security concerns have been rapidly increasing because of repeated security incidents such as unexpected personal information leakage. Since XML [38] has been playing an important role in IT systems and applications, a big surge of requirements for legislative compliance is driving enterprises to protect their XML data for secure data management as well as privacy protection, and the access control mechanism is a central control point. In this chapter, we are concerned with fine-grained (element- and attribute-level) access control for XML database systems, rather than with document-level access control. We use the term XML access control to address such fine-grained access control. The XML access control deals with XML data and access control policies as well as schema definitions, e.g. XML Schema [40], and queries, e.g. XQuery [36]. The scope of XML access control is not limited to a specific application but covers broader areas that involve XML-based transactional systems such as e-commerce applications (Commerce XML [7] etc.), medical and health record applications (HL7 [16] etc.), and newspaper article distribution and applications (NewsML [17] etc.). [ABSTRACT FROM AUTHOR]