[XML Security Suite]

Sample Application - Paper Review


Please try out simple examples (e.g. simple example 1) before checking this.

Application Description

This application simulates a typical review process for academic papers. The example illustrates how XML access control is applied to an application in which information is shared and/or updated among multiple participants who play different roles. The review process can be described as follows:

  1. Authors submit their papers to the submission server.
  2. A chairperson assigns one or more reviewers to each submitted paper.
  3. The reviewers read the assigned paper and evaluate it.
  4. The program committee members read the reviewers' evaluations and decide whether or not each paper should be accepted.
  5. The chairperson decides on the list of accepted papers.
  6. The authors receive notifications of acceptance or rejection.

We simplify the above process and produce a review summary document. The summary document stores data such as author information and evaluation results. The following summary document includes paper submissions from the authors Xerces, Stackman, and Dreamer. Each submission consists of <paper_title>, <paper_number>, <author>, <review>, and <result> fields. The <paper_title>, <paper_number>, and <author> fields store submission information. The <review> section is used by the reviewers. The <result> field is written by the chairperson.

Target XML Document (review_target.xml)
<review_summary>
  <notification_date>12/31/05 0:0 AM</notification_date>
  <entry>
    <paper_title>Method for Parsing XML Document</paper_title>
    <paper_number>0120</paper_number>
    <author>Xerces</author>
    <review>
      <reviewer>Robert</reviewer>
      <rating>4.5</rating>
    </review>
    <result>Accept</result>
  </entry>
  <entry>
    <paper_title>New Method for Stack Smashing Attack</paper_title>
    <paper_number>0123</paper_number>
    <author>Stackman</author>
    <review>
      <reviewer>Patrick</reviewer>
      <rating>4.0</rating>
    </review>
    <result>Accept</result>
  </entry>
  <entry>
    <paper_title>Fantastic Public Key Cryptosystem</paper_title>
    <paper_number>0129</paper_number>
    <author>Dreamer</author>
    <review>
      <reviewer>Richard</reviewer>
      <rating>1.5</rating>
    </review>
    <result>Reject</result>
  </entry>
</review_summary>

Policy Description

The access control policy associated with the above review document can be described as follows:

  1. The chairperson and the committee members can read the review document (unless a policy explicitly specifies denial).
  2. The chairperson can write the result (accept or reject) in the result field.
  3. Authors cannot read the result of their own submission until the notification date arrives.
  4. Authors can read the result of their own submission after the notification date, provided the access is logged.
  5. Authors can read their own submission entry.
  6. For anonymity purposes, the committee members and reviewers cannot read the authors' names.
  7. For anonymity purposes, the committee members cannot read the reviewers' names, except when the request initiator's name is the same as the reviewer's name.
  8. Authors cannot read reviewers' evaluations.
  9. Reviewers can read and write the review fields only for papers assigned to them.
  10. Reviewers can read titles and numbers of papers assigned to them.

The above policies are described in the XACL language as follows:

Access Control Rules (review_policy.xml)
<policy xmlns="http://www.trl.ibm.com/projects/xml/xacl">
<!-- ===================================================
  1. The chairperson and the committee members can read 
     the review document (unless a policy explicitly 
     specifies denial.)
 =================================================== -->
  <xacl>
    <object href="/review_summary"/>
    <rule>
      <acl>
        <subject>
          <group>chair</group>
        </subject>
        <subject>
          <group>committee</group>
        </subject>
        <action name="read" permission="grant"/>
      </acl>
    </rule>
  </xacl>
<!-- ===================================================
  2. The chairperson can write the result (accept or 
     reject) in the result field.
 =================================================== -->
  <xacl>
    <object href="/review_summary/entry/result"/>
    <rule>
      <acl>
        <subject>
          <group>chair</group>
        </subject>
        <action name="write" permission="grant"/>
      </acl>
    </rule>
<!-- ===================================================
   3. Authors cannot read the result of their own 
      submission until the notification date comes.
 =================================================== -->
    <rule>
      <acl>
        <subject>
          <group>author</group>
        </subject>
        <action name="read" permission="deny"/>
        <condition operation="or">
          <predicate name="compareStr">
            <parameter value="neq"/>
            <parameter><function name="getValue">
              <parameter value="../author"/></function></parameter>
            <parameter><function name="getUid"/></parameter>
          </predicate>
          <predicate name="compareDate">
            <parameter value="before"/>
            <parameter><function name="getDate"/></parameter>
            <parameter>
              <function name="getValue">
                <parameter value="/review_summary/notification_date"/>
              </function>
            </parameter>
          </predicate>
        </condition>
      </acl>
    </rule>

<!-- ===================================================
   4. Authors can read the result of their own 
      submission provided the read access is logged.
 =================================================== -->
    <rule>
      <acl>
        <subject>
          <group>author</group>
        </subject>
        <action name="read" permission="grant">
          <provisional_action name="log" timing="after"/>
        </action>
        <condition operation="and">
          <predicate name="compareStr">
            <parameter value="eq"/>
            <parameter><function name="getValue">
              <parameter value="../author"/></function></parameter>
            <parameter><function name="getUid"/></parameter>
          </predicate>
          <predicate name="compareDate">
            <parameter value="after"/>
            <parameter><function name="getDate"/></parameter>
            <parameter>
              <function name="getValue">
                <parameter value="/review_summary/notification_date"/>
              </function>
            </parameter>
          </predicate>
        </condition>
      </acl>
    </rule>
  </xacl>
<!-- ===================================================
  5. Authors can read their own submission entry.
 =================================================== -->
  <xacl>
    <object href="/review_summary/entry"/>
    <rule>
      <acl>
        <subject>
          <group>author</group>
        </subject>
        <action name="read" permission="grant"/>
        <condition operation="and">
          <predicate name="compareStr">
            <parameter value="eq"/>
            <parameter><function name="getValue">
              <parameter value="./author"/></function></parameter>
            <parameter><function name="getUid"/></parameter>
          </predicate>
        </condition>
      </acl>
    </rule>
  </xacl>
<!-- ===================================================
  6. For anonymity purpose, the committee members and 
     reviewers cannot read the authors' names.
 =================================================== -->
  <xacl>
    <object href="/review_summary/entry/author"/>
    <rule>
      <acl>
        <subject>
          <group>committee</group>
        </subject>
        <subject>
          <group>reviewer</group>
        </subject>
        <action name="read" permission="deny"/>
      </acl>
    </rule>
  </xacl>
<!-- ===================================================
  7. For anonymity purpose, the committee members cannot 
     read the reviewers' names except for the case that 
     the request initiator's name is same as the 
     reviewer's name.
 =================================================== -->
  <xacl>
    <object href="/review_summary/entry/review/reviewer"/>
    <rule>
      <acl>
        <subject>
          <group>committee</group>
        </subject>
        <action name="read" permission="deny"/>
        <condition operation="and">
          <predicate name="compareStr">
            <parameter value="neq"/>
            <parameter><function name="getValue">
              <parameter value="."/></function></parameter>
            <parameter><function name="getUid"/></parameter>
          </predicate>
        </condition>
      </acl>
    </rule>
  </xacl>
<!-- ===================================================
  8. Authors cannot read reviewers' evaluations.
 =================================================== -->
  <xacl>
    <object href="/review_summary/entry/review"/>
    <rule>
      <acl>
        <subject>
          <group>author</group>
        </subject>
        <action name="read" permission="deny"/>
      </acl>
    </rule>
<!-- ===================================================
  9. Reviewers can read and write the review fields 
     only for papers assigned to them.
 =================================================== -->
    <rule>
      <acl>
        <subject>
          <group>reviewer</group>
        </subject>
        <action name="read" permission="grant"/>
        <action name="write" permission="grant"/>
        <condition operation="and">
          <predicate name="compareStr">
            <parameter value="eq"/>
            <parameter><function name="getValue">
              <parameter value="./reviewer"/></function></parameter>
            <parameter><function name="getUid"/></parameter>
          </predicate>
        </condition>
      </acl>
    </rule>
  </xacl>
<!-- ===================================================
  10. Reviewers can read titles and numbers of papers 
     assigned to them.
 =================================================== -->
  <xacl>
    <object href="/review_summary/entry/paper_title"/>
    <object href="/review_summary/entry/paper_number"/>
    <rule>
      <acl>
        <subject>
          <group>reviewer</group>
        </subject>
        <action name="read" permission="grant"/>
        <condition operation="and">
          <predicate name="compareStr">
            <parameter value="eq"/>
            <parameter><function name="getValue">
              <parameter value="../review/reviewer"/></function></parameter>
            <parameter><function name="getUid"/></parameter>
          </predicate>
        </condition>
      </acl>
    </rule>
  </xacl>
</policy>

Access Requests

Try the following access requests. The access decision the XACL Visual Tool produces for each request is described in the right-most column of the following table.

Access request file   Object           Subject (group)   Action   Brief description of access decisions

review_request1.xml   /review_summary  Charlie (chair)   read
    The chair Charlie is allowed to read all information under the <review_summary> element.
review_request2.xml   /review_summary  Xerces (author)   read
    The author Xerces is allowed to read his entry except for the <result> element, if the access is made before the notification_date.
review_request3.xml   /review_summary  Stackman (author) read
    The author Stackman is allowed to read his entry except for the <result> element, if the access is made before the notification_date.
review_request4.xml   /review_summary  Robert (reviewer) read
    The reviewer Robert is allowed to read Xerces's submission except for the <author> element (corresponding to the author's name).
review_request5.xml   /review_summary  Patrick (reviewer) read
    The reviewer Patrick is allowed to read Stackman's submission except for the <author> element (corresponding to the author's name).
review_request6.xml   /review_summary  Carol (committee) read
    The committee member Carol is allowed to read every submission except for the <author> and <reviewer> elements (corresponding to the author's and reviewer's names).
review_request7.xml   /review_summary  Charlie (chair)   write
    The chair Charlie is allowed to write the result of the evaluation (corresponding to the <result> element).
review_request2.xml   /review_summary  Xerces (author)   read
    Change the <notification_date> field to any date before now using an editor (keep the time format). Try this access request again and you will see that the read access is logged, because of the provisional action of the fourth access control rule.
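The decisions in the table above, as an added example that is not part of the XML Security Suite or of this page: a small Python evaluator that hand-encodes the ten rules of review_policy.xml (rather than parsing the XACL file) and walks review_target.xml, returning grant or deny for every element. It assumes the semantics the table implies (a rule on an element propagates to its descendants, deny overrides grant, an element no rule covers is denied), an exact match of each object href against element name paths, and constructed request times on either side of the notification date; the provisional log action is recorded in a list the caller passes in.

```python
import xml.etree.ElementTree as ET
from collections import namedtuple
from datetime import datetime
TARGET = (  # review_target.xml from the page (first two entries), embedded so this runs offline
    "<review_summary><notification_date>12/31/05 0:0 AM</notification_date>"
    "<entry><paper_title>Method for Parsing XML Document</paper_title><paper_number>0120</paper_number>"
    "<author>Xerces</author><review><reviewer>Robert</reviewer><rating>4.5</rating></review><result>Accept</result></entry>"
    "<entry><paper_title>New Method for Stack Smashing Attack</paper_title><paper_number>0123</paper_number>"
    "<author>Stackman</author><review><reviewer>Patrick</reviewer><rating>4.0</rating></review><result>Accept</result></entry></review_summary>")
BEFORE, AFTER = datetime(2002, 4, 18), datetime(2006, 1, 1)  # constructed request times on either side of 12/31/05
# Predicates used by the conditions: getValue(<relative path>) compared with getUid() or getDate().
def notif(c): return datetime.strptime(c["root"].findtext("notification_date"), "%m/%d/%y %H:%M %p")
def own(o, c): return c["entry"] is not None and c["entry"].findtext("author") == c["uid"]            # ../author eq uid
def assigned(o, c): return c["entry"] is not None and c["entry"].findtext("review/reviewer") == c["uid"]
Rule = namedtuple("Rule", "paths groups actions perm cond log")  # log: a "log" provisional action is attached
R, ENT = "/review_summary", "/review_summary/entry"
RULES = [  # the ten rules of review_policy.xml, hand-encoded; cond=None means unconditional
    Rule({R}, {"chair", "committee"}, {"read"}, "grant", None, False),                                             # 1
    Rule({ENT + "/result"}, {"chair"}, {"write"}, "grant", None, False),                                           # 2
    Rule({ENT + "/result"}, {"author"}, {"read"}, "deny", lambda o, c: not own(o, c) or c["now"] < notif(c), False),  # 3 (or)
    Rule({ENT + "/result"}, {"author"}, {"read"}, "grant", lambda o, c: own(o, c) and c["now"] > notif(c), True),     # 4 (and, logged)
    Rule({ENT}, {"author"}, {"read"}, "grant", own, False),                                                        # 5
    Rule({ENT + "/author"}, {"committee", "reviewer"}, {"read"}, "deny", None, False),                             # 6
    Rule({ENT + "/review/reviewer"}, {"committee"}, {"read"}, "deny", lambda o, c: o.text != c["uid"], False),     # 7
    Rule({ENT + "/review"}, {"author"}, {"read"}, "deny", None, False),                                            # 8
    Rule({ENT + "/review"}, {"reviewer"}, {"read", "write"}, "grant", lambda o, c: o.findtext("reviewer") == c["uid"], False),  # 9
    Rule({ENT + "/paper_title", ENT + "/paper_number"}, {"reviewer"}, {"read"}, "grant", assigned, False),         # 10
]

def decide(xml_text, uid, groups, action, now, log):
    """Decision for every element, keyed by an indexed path such as /review_summary/entry[1]/result[1].
    Assumed semantics: a rule propagates to descendants, deny overrides grant, uncovered elements are denied."""
    root = ET.fromstring(xml_text)
    out = {}
    def walk(elem, ancestors, ipath):  # ancestors: (name path, element) pairs from the root down to elem
        ctx = {"uid": uid, "now": now, "root": root, "entry": next((e for _, e in ancestors if e.tag == "entry"), None)}
        verdict = None
        for p, obj in ancestors:  # rules attached to this element and to each of its ancestors apply
            for r in RULES:
                if p in r.paths and groups & r.groups and action in r.actions and (r.cond is None or r.cond(obj, ctx)):
                    if r.log and obj is elem:
                        log.append((uid, action, ipath))  # provisional action "log", timing "after"
                    verdict = "deny" if "deny" in (r.perm, verdict) else "grant"
        out[ipath] = verdict or "deny"
        seen = {}
        for child in elem:
            seen[child.tag] = seen.get(child.tag, 0) + 1
            walk(child, ancestors + [(ancestors[-1][0] + "/" + child.tag, child)], f"{ipath}/{child.tag}[{seen[child.tag]}]")
    walk(root, [(R, root)], R)
    return out
```

Calling decide(TARGET, "Xerces", {"author"}, "read", AFTER, log) grants the <result> element and appends one record to log, which is the logged read the last row of the table describes.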

Other Information

Group Membership

Group membership is defined in group.xml as follows.

Group      Member
chair      Charlie
committee  Carol
reviewer   Patrick, Robert
author     Xerces, Stackman, Dreamer

Binding Target XML and Policy

The binding table is defined as follows:

Binding Definition
<bind_table>
  <bind>
    <target href="review_target.dtd"/>
    <policy href="review_policy.xml"/>
    <status href="review_status.xml"/>
  </bind>
</bind_table>


Last modified: April 18, 2002