A Content-Based Authorization Model for Digital Libraries
March/April 2002 (vol. 14 no. 2)
pp. 296-315

Digital Libraries (DLs) introduce several challenging requirements with respect to the formulation, specification, and enforcement of adequate data protection policies. Unlike conventional database environments, a DL environment typically is characterized by a dynamic user population, often making accesses from remote locations, and by an extraordinarily large amount of multimedia information, stored in a variety of formats. Moreover, in a DL environment, access policies are often specified based on user qualifications and characteristics, rather than user identity (for example, a user can be given access to an R-rated video only if he/she is older than 18 years). Another crucial requirement is the support for content-dependent authorizations on digital library objects (for example, all documents containing discussions on how to operate guns must be made available only to users who are 18 or older). Since traditional authorization models do not adequately meet access control requirements typical of DLs, in this paper, we propose a content-based authorization model suitable for a DL environment. Specifically, the most innovative features of our authorization model are: 1) flexible specification of authorizations based on the qualifications and characteristics of users (including positive and negative), 2) both content-dependent and content-independent access control to digital library objects, and 3) varying granularity of authorization objects ranging from sets of library objects to specific portions of objects.

Index Terms:
digital libraries, access control, authorization
N.R. Adam, V. Atluri, E. Bertino, E. Ferrari, "A Content-Based Authorization Model for Digital Libraries," IEEE Transactions on Knowledge and Data Engineering, vol. 14, no. 2, pp. 296-315, March-April 2002, doi:10.1109/69.991718