32 Pages Posted: 9 Feb 2002
Date Written: February 2002
The secure publication of XML data over the Internet is increasingly utilized for document exchange over the Web. Publishers of XML data need to satisfy the authenticity and confidentiality requirements of end users and information owners. Satisfying these requirements in a web environment is very difficult since large systems cannot be easily verified to be secure and are often penetrated. In this paper, we propose a first step towards secure publishing of XML data over the Web by suggesting a scalable architecture that distinguishes between the Owner and the Publisher of information. Such a distinction has two goals: to reduce the trust required of the information Publisher and to make the tasks of document management and query response more efficient. Subjects submit queries to Publishers which filter query results on the basis of the access control policies specified by the Owner. In this paper, we show how this capability can be accomplished without requiring the Publisher to keep a copy of the access control policies. With a set of digital signatures generated by the Owner and no trust required of the Publisher, we show that a subject is able to verify the authenticity of a query response, and, under specific conditions, the completeness of a query result, with respect to the access control policies stated by the information Owner.
Keywords: XML, Secure Publishing, Internet Based Publishing, Source Authenticity
JEL Classification: M1, Z0
Suggested Citation: Suggested Citation
Bertino, Elisa and Carminati, Barbara and Ferrari, Elena and Thuraisingham, Bhavani and Gupta, Amar, Selective and Authentic Third-party Distribution of XML Documents (February 2002). MIT Sloan Working Paper No. 4343-02; Eller College Working Paper No. 1030-05. Available at SSRN: https://ssrn.com/abstract=299935 or http://dx.doi.org/10.2139/ssrn.299935