[XML Security Suite]

Simple Example 1


Description

This is a simple example for accessing personnel information. The personnel information consists of a <name> and a <salary> field as described below.

Target XML Document (ex1_target.xml)
<personnel_info>
  <name>Johnson</name>
  <salary currency="USD">200,000</salary>
</personnel_info>

A set of access control rules (policy) for the personnel information is described in the Access Control Rules below.

Access Control Rules (ex1_policy.xml)
<policy>

<!-- ==================================================
  1. Alice can read name fields.
 =================================================== -->
  <xacl>
    <object href="/personnel_info/name"/>
    <rule>
      <acl>
        <subject>
          <uid>Alice</uid>
        </subject>
        <action name="read" permission="grant"/>
      </acl>
    </rule>
  </xacl>

<!-- ==================================================
  2. Bob can read and write salary fields.
 =================================================== -->
  <xacl>
    <object href="/personnel_info/salary"/>
    <rule>
      <acl>
        <subject>
          <uid>Bob</uid>
        </subject>
        <action name="read" permission="grant"/>
        <action name="write" permission="grant"/>
      </acl>
    </rule>
  </xacl>
</policy>

How to Run the Example

Submit Access Request

Suppose that there is an access request that asks whether or not Alice is allowed to read a <name> field of the target XML document ex1_target.xml. The access request is specified in ex1_request1.xml. To obtain an access decision, we call the XACL processor with four arguments as follows (before executing the command, don't forget to change the directory to data/xacldata):

java com.ibm.xml.policy.xacl.Processor ex1_request1.xml ex1_target.xml ex1_policy.xml ex1_status.xml

Positive Access Decision

As the output of this command, the XACL processor generates the file decision_list.xml in the current directory that says Alice is allowed to read the <name> field in the personnel_info section of the target XML document ex1_target.xml. This decision is easily deduced from the first rule in ex1_policy.xml.

Access Decision (an example of decision_list.xml)
<?xml version="1.0"?>
<decision_list xmlns="http://www.trl.ibm.com/projects/xml/xacl">
  <access_req type="execute">
    <object href="/personnel_info/name"/>
    <subject>
      <uid>Alice</uid>
    </subject>
    <action name="read"/>
  </access_req>
  <decision href="/personnel_info/name" permission="grant"/>
</decision_list>

Negative Access Decision

The second access request (ex1_request2.xml) is whether or not Bob is allowed to read a <name> field.

java com.ibm.xml.policy.xacl.Processor ex1_request2.xml ex1_target.xml ex1_policy.xml ex1_status.xml

The only difference between this access request (ex1_request2.xml) and the first one is the initiating subject: Bob is specified instead of Alice. The access decision returned from the XACL processor says that Bob is NOT allowed to read the <name> field.

Access Decision (an example of decision_list.xml)
<?xml version="1.0"?>
<decision_list xmlns="http://www.trl.ibm.com/projects/xml/xacl">
  <access_req type="execute">
    <object href="/personnel_info/name"/>
    <subject>
      <uid>Bob</uid>
    </subject>
    <action name="read"/>
  </access_req>
  <decision href="/personnel_info/name" permission="deny"/>
</decision_list>

This decision is not deduced directly from the rules above. By default, the XACL processor assumes that an access is allowed only if a corresponding positive permission is explicitly specified in the access control rules; otherwise the access is denied. This policy is often called a "default denial policy" or a "closed policy", which is appropriate for a situation where only the minimal privileges should be granted. XACL is also capable of specifying other policies, such as a "default grant policy". We will show how to specify other policies in Policy Property.

Access Request for Write Action

The third access request asks whether or not Bob is allowed to update a <salary> field.

java com.ibm.xml.policy.xacl.Processor ex1_request3.xml ex1_target.xml ex1_policy.xml ex1_status.xml

The access decision is that Bob is allowed to update the <salary> field, and this decision is deduced directly from the second access control rule. XACL is capable of specifying four kinds of actions to be taken on an XML document: read, write, create, and delete. Refer to the XACL specification document for details.

Access Decision (an example of decision_list.xml)
<?xml version="1.0"?>
<decision_list xmlns="http://www.trl.ibm.com/projects/xml/xacl">
  <access_req type="query">
    <object href="/personnel_info/salary"/>
    <subject>
      <uid>Bob</uid>
    </subject>
    <action name="write"/>
  </access_req>
  <decision href="/personnel_info/salary" permission="grant"/>
  <decision href="/personnel_info/salary@currency" permission="grant"/>
</decision_list>
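The three requests above are all evaluated by the same logic: find a rule whose object, subject and action match the request, grant only if such a rule explicitly grants, and otherwise fall back to the closed-policy default of deny. The following Python script is an added example that models that logic against copies of ex1_policy.xml and ex1_target.xml from this page; it is not IBM's XACL processor and does not implement the XACL specification. The request is passed as plain function arguments because the ex1_request*.xml files are not shown on this page, the `default` parameter is an assumption used to contrast the closed policy with a default-grant policy, and the extra grant emitted for each attribute of a granted element simply mirrors the `salary@currency` line in the third decision_list above.

```python
"""Toy XACL-style evaluator modelled on the examples on this page (not IBM's processor)."""
import xml.etree.ElementTree as ET

# Constructed copy of ex1_policy.xml as shown on this page.
POLICY_XML = """<policy>
  <xacl>
    <object href="/personnel_info/name"/>
    <rule><acl><subject><uid>Alice</uid></subject>
      <action name="read" permission="grant"/></acl></rule>
  </xacl>
  <xacl>
    <object href="/personnel_info/salary"/>
    <rule><acl><subject><uid>Bob</uid></subject>
      <action name="read" permission="grant"/>
      <action name="write" permission="grant"/></acl></rule>
  </xacl>
</policy>"""

# Constructed copy of ex1_target.xml as shown on this page.
TARGET_XML = """<personnel_info>
  <name>Johnson</name>
  <salary currency="USD">200,000</salary>
</personnel_info>"""


def load_policy(policy_xml):
    """Flatten every <xacl> block into (object href, uid, action, permission) tuples."""
    rules = []
    for xacl in ET.fromstring(policy_xml).findall("xacl"):
        href = xacl.find("object").get("href")
        for acl in xacl.iter("acl"):
            uids = [u.text for u in acl.iter("uid")]
            for action in acl.findall("action"):
                for uid in uids:
                    rules.append((href, uid, action.get("name"), action.get("permission")))
    return rules


def decide(rules, target_xml, href, uid, action, default="deny"):
    """Return a list of (href, permission) decisions for one access request.

    Closed policy: the result is 'grant' only when a rule for exactly this
    object/subject/action says so; any unmatched request gets `default`, which
    is 'deny' unless the caller models a default-grant policy (an assumption
    of this toy, not a documented XACL option). A grant on an element is also
    reported for each of its attributes, mirroring the third decision_list above.
    """
    permission = default
    for r_href, r_uid, r_action, r_perm in rules:
        if (r_href, r_uid, r_action) == (href, uid, action):
            permission = r_perm
            break
    decisions = [(href, permission)]
    if permission == "grant":
        # Walk the simple absolute path used by the policy's object href.
        root = ET.fromstring(target_xml)
        parts = href.strip("/").split("/")
        node = root if parts[0] == root.tag else None
        for part in parts[1:]:
            node = node.find(part) if node is not None else None
        if node is not None:
            for attr in node.attrib:
                decisions.append((f"{href}@{attr}", "grant"))
    return decisions


if __name__ == "__main__":
    rules = load_policy(POLICY_XML)
    # The three requests from this page, in order.
    for href, uid, action in [("/personnel_info/name", "Alice", "read"),
                              ("/personnel_info/name", "Bob", "read"),
                              ("/personnel_info/salary", "Bob", "write")]:
        print(uid, action, href, "->", decide(rules, TARGET_XML, href, uid, action))
```

Running the script reproduces the three outcomes above: Alice's read of the name field is granted by the first rule, Bob's read of the same field has no matching rule and is denied by the closed policy, and Bob's write to the salary field is granted together with its currency attribute.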


Last modified: August 30, 2001