[XML Security Suite]

Sample Application - Method Space


Please try out simple examples (e.g. simple example 1) before checking this.

Application Description

This example shows another area of XML access control applications. In the previous examples, each target XML document is literally a document, meaning that it is read and/or modified by human users. That is a primary aim of XML access control. However, XML access control does not necessarily have to involve browsing and/or modifying the target. In this example, the XML document is used only for making access decisions; in other words, the target XML representation is never displayed. A method space is one such example. It is often necessary to specify access control policy rules for each object method, such as "this person can execute this method of that object but others cannot." The following example assumes that there are four methods in the system, categorized into two groups, privileged methods and public methods, and that the system controls each method invocation according to a set of access control policy rules.

Target XML Document (method_space.xml)
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE method-space SYSTEM "method_space.dtd">
<method-space>
  <method-group name="Privileged">
    <method>
      <ejb-name name="ejbs_PolicyManagement"/>
    </method>
    <method>
      <ejb-name name="ejbs_UserManagement"/>
    </method>
  </method-group>
  <method-group name="Public">
    <method>
      <ejb-name name="ejbs_HelloWorld"/>
    </method>
    <method>
      <ejb-name name="ejbs_SimpleExample"/>
    </method>
  </method-group>
</method-space>

Note that the above example only shows the notion of method-round access control; it does not conform to the syntax of the access control policy rules for EJB methods defined in the J2EE security model. Please refer to J2EE and EJB for further information.


Policy Description

A set of access control policies is described as follows:

  1. The admin group can execute all methods in the method space.
  2. The committee group can execute public methods.
  3. The reviewer group can execute only the UserManagement method, provided the method invocation is logged.

The above policies can be described in the XACL language as follows:

Access Control Rules (method_policy.xml)
<?xml version="1.0"?>
<policy 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.trl.ibm.com/projects/xml/xacl xacl.xsd"
  xmlns="http://www.trl.ibm.com/projects/xml/xacl">
  <!-- ===================================================
  1. The "admin" group can execute all methods in method space
 =================================================== -->
  <xacl>
    <object href="/method-space"/>
    <rule>
      <acl>
        <subject>
          <group>admin</group>
        </subject>
        <action name="read" permission="grant"/>
      </acl>
    </rule>
  </xacl>
  <!-- ===================================================
  2. The "committee" group can execute a "Public" method
     group
 =================================================== -->
  <xacl>
    <object href='/method-space/method-group[@name="Public"]'/>
    <rule>
      <acl>
        <subject>
          <group>committee</group>
        </subject>
        <action name="read" permission="grant"/>
      </acl>
    </rule>
  </xacl>
  <!-- ===================================================
  3. The "reviewer" group can execute ejbs_UserManagement
     method, provided the method invocation is logged.
 =================================================== -->
  <xacl>
    <object href='/method-space/method-group/method/
                     ejb-name[@name="ejbs_UserManagement"]'/>
    <rule>
      <acl>
        <subject>
          <group>reviewer</group>
        </subject>
        <action name="read" permission="grant">
          <provisional_action name="log" timing="before"/>
        </action>
      </acl>
    </rule>
  </xacl>
</policy>

Access Requests

Try the following access requests. In this example the read action stands in for the execute action. The resulting access decisions in the XACL Visual Tool are described in the right-most column of the following table.

| Access request file | Object | Subject (group) | Action | Brief description of access decisions |
|---|---|---|---|---|
| method_request1.xml | //ejb-name[@name="ejbs_PolicyManagement"] | Andrew (admin) | read | Andrew, who is in the admin group, can execute the EJB PolicyManagement method. |
| method_request2.xml | /* | Andrew (admin) | read | This access request asks which methods Andrew can execute. The system responds that he can execute all methods by displaying all methods in green. |
| method_request3.xml | //ejb-name[@name="ejbs_PolicyManagement"] | Carol (committee) | read | Carol, who is in the committee group, cannot execute the EJB PolicyManagement method because she is allowed to execute only Public methods, and the PolicyManagement method is not Public. |
| method_request4.xml | //ejb-name[@name="ejbs_UserManagement"] | Robert (reviewer) | read | Robert, who is in the reviewer group, can execute the EJB UserManagement method; however, his method invocation is recorded in the log (method_status.xml). Check the previous status file after you execute this access request. |
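
The decisions in the table above can be reproduced with a small model of the policy. This is an added example, not code from the XML Security Suite: it assumes simplified semantics (default deny; a grant on an object covers that element and its descendants), uses the group membership listed in group.xml, and the names RULES, GROUPS, select, decide and executable are hypothetical.

```python
import xml.etree.ElementTree as ET

# Condensed copy of method_space.xml from the page (DOCTYPE omitted).
ROOT = ET.fromstring("""<method-space>
  <method-group name="Privileged">
    <method><ejb-name name="ejbs_PolicyManagement"/></method>
    <method><ejb-name name="ejbs_UserManagement"/></method>
  </method-group>
  <method-group name="Public">
    <method><ejb-name name="ejbs_HelloWorld"/></method>
    <method><ejb-name name="ejbs_SimpleExample"/></method>
  </method-group>
</method-space>""")

# The three rules of method_policy.xml: (object, group, action, provisional actions).
RULES = [
    ('/method-space', 'admin', 'read', []),
    ('/method-space/method-group[@name="Public"]', 'committee', 'read', []),
    ('/method-space/method-group/method/ejb-name[@name="ejbs_UserManagement"]',
     'reviewer', 'read', ['log']),
]
GROUPS = {'Andrew': 'admin', 'Carol': 'committee', 'Robert': 'reviewer'}  # group.xml

def select(path):
    """Resolve the page's absolute XPaths with ElementTree's XPath subset."""
    if path in ('/*', '/' + ROOT.tag):
        return [ROOT]
    if path.startswith('//'):
        return ROOT.findall('.' + path)
    return ROOT.findall('.' + path[len('/' + ROOT.tag):])

def decide(user, action, path):
    """Assumed semantics: default deny; a grant covers the object and its descendants."""
    nodes, pending = select(path), []
    for node in nodes:
        for obj, group, act, provisional in RULES:
            in_scope = any(node in scope.iter() for scope in select(obj))
            if group == GROUPS.get(user) and act == action and in_scope:
                pending += provisional  # e.g. "log" must run before access
                break
        else:
            return 'deny', []  # no rule grants this node
    return ('grant', pending) if nodes else ('deny', [])

def executable(user, action='read'):
    """Names of the methods the user may invoke (the question method_request2.xml asks)."""
    names = [e.get('name') for e in ROOT.iter('ejb-name')]
    return [n for n in names
            if decide(user, action, f'//ejb-name[@name="{n}"]')[0] == 'grant']
```

A caller that receives a non-empty list of provisional actions, as Robert's request does, has to carry them out (here, write the log entry) for the grant to be valid.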

Other Information

Group Membership

Group membership is defined in group.xml as follows.

| Group | Member |
|---|---|
| admin | Andrew |
| committee | Carol |
| reviewer | Robert |

Binding Target XML and Policy

The binding table is defined as follows:

Binding Definition
<bind_table>
  <bind>
    <target href="method_space.xml"/>
    <policy href="method_policy.xml"/>
    <status href="method_status.xml"/>
  </bind>
</bind_table>


Last modified: March 13, 2002