A distributed access control framework for XML document centric collaborations

Rahaman, Mohammad Ashiqur; Roudier, Yves; Schaad, Andreas
Research report RR-08-219

Collaboratively working on documents within a distributed context is a non-trivial task, in particular if neither a centralized access control policy enforcement platform nor a centralized document repository can be assumed to be present. Decoupling the specification of the access control policy of documents from its later autonomous enforcement can make it easier to edit documents in a decentralized yet secure fashion. This paper introduces a distributed and fine-grained access control framework for XML document centric collaborations. The framework addresses the authenticity, confidentiality, integrity, and traceability of circulated documents and their updates. It is fully distributed in that each participant can enforce and verify these security properties without relying on a central authority. Novel aspects of the proposed framework include the adoption of a decentralized key management scheme that provides support for the cryptographic enforcement of a credential-based access control policy. This scheme is driven by the access interests expressed by the participants over document parts. Finally, a protocol for the controlled editing of a document is introduced based on these techniques.


Type: Report
Date: 2008-04-25
Department: Digital Security
Eurecom Ref: 2469
Copyright: © EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in Research report RR-08-219 and is available at :
PERMALINK : https://www.eurecom.fr/publication/2469