A survey and analysis of access control architectures for XML data

Abstract

Extensible Markup Language (XML) has had a revolutionary effect on information technology. Both business and government have adopted XML as the format of choice for information sharing. Business uses XML to leverage the full potential of the Internet for e-Commerce. The government wants to leverage the ability to share information across many platforms between divergent agencies. In particular, in August 2004, Executive Order (EO) 13356 called for improved sharing of terrorist information to protect Americans.[1] XML provides a way to format information so that it is interoperable. The economic benefit of sharing data and resources is apparent. Sharing information between government agencies will assist in national security. However, there is still a requirement to control the flow and state of data. Therefore, access controls must be used to ensure data and information are protected. This thesis asks whether it is possible to provide a survey and analysis of how industry is enforcing access control on XML data, information, and documents that could serve as a foundation for XML security architectures for the government.