The L3 Project

Last generated: Thu Mar 1 10:53:14 2012 EST.

Table of Contents


The L3 Project:

As the "secure" distribution and sharing of information over the World Wide Web becomes increasingly important, the needs for flexible and efficient support of access control systems naturally arise. Since the eXtensible Markup Language (XML) is emerging as the format of the Internet era for storing and exchanging information, there have been, recently, many proposals to extend the XML model to incorporate security aspects. To the lesser or greater extent, however, such proposals neglect the fact that the data for XML documents will most likely reside in relational databases, and consequently do not utilize various security models proposed for and implemented in relational databases.

In this project, named as L3 ("L-cube") from the lastnames of three participating faculties, we take a rather different approach. We explore how to support security models for XML documents by leveraging on techniques developed for relational databases. More specifically, in our approach,

  1. Users make XML queries against the given XML view/schema,
  2. Access controls for XML data are also specified in the XML model, but
  3. Data are stored in relational databases, and
  4. Security check and query evaluation are also done in relational databases.

Instead of re-inventing wheels, we take two representative methods in both XML security model and XML to relational conversion problems, and show how to glue them together in a seamless manner to efficiently support access controls for the XML model using relational databases.

Our overall approach is illustrated in the following figure: