1. Technical Field
The present invention relates generally to an improved data processing system and, more particularly, provides a method, apparatus, and computer instructions for implementing an XSL/XML-based authorization rules policy on a given set of data.
2. Description of Related Art
In recent years, the popularity of consumers using the Internet to buy and sell products and services has increased. This popularity enhances the opportunity for companies to provide a variety of goods and services to both the consumers and to each other. As the demand for performing transactions online grows, a need exists for a common language or syntax that allows businesses to exchange data across the Internet, so that they can take advantage of the opportunity to provide their goods and services. This need is the reason behind the emergence of extensible markup language (XML).
Unlike hypertext markup language (HTML), which defines a set of specific tags for formatting and displaying data, XML allows users to define tags specific to an application that represent the contextual meaning of the data. Hence, XML enables businesses to exchange structured common data freely across the Internet without being restricted by the browser. Since XML is a standard maintained by the World Wide Web Consortium (W3C), a new business or entity may implement XML easily by referring to the latest specification. Although XML provides the capability to exchange data freely across the Internet, XML also requires the users to agree on the same schema or data type definition (DTD). This restriction becomes a problem especially for users who do not exchange data very often. Therefore, a new standard proposed by W3C has been established to convert XML documents that conform to one schema into documents that conform to other schemas, making information much easier to pass back and forth between different systems. This new standard is called extensible stylesheet language (XSL).
XSL consists of three parts: (1) extensible stylesheet language translation (XSLT), a language for transforming XML documents; (2) XPath, a language for defining parts of an XML document; and (3) XSL formatting objects, a vocabulary for formatting XML documents. XSLT is a language that allows the user to convert XML documents into other XML documents, HTML documents, or plain text files. By using a stylesheet in XSLT, users specify changes they would like to make to the XML document by using specialized XML elements and attributes. This feature allows users to delete, rename, and reorder any components of the input XML document to generate an output document with the desired format. Another aspect of XSL is XPath, which allows users to specify the path through the XML document tree from one part to another. XPath provides functionality to obtain specific element or attribute names and values in an XML document. XPath defines pattern matching to find elements or attributes with a specific parent or child. XPath also defines addressing for elements relative to the root of the document (absolute path) or to the current element (relative path).
With the help of XML and XSL, data exchange between businesses across the Internet becomes a reality. However, the user community raises concerns over the security of such data exchange. Of particular concern is the security of access to resources that are meant to be protected. These resources include, for example, personal credit card information, social security numbers, and passwords. One mechanism used to meet these concerns is an authorization rule policy.
An authorization rule policy is used to control access to protected resources. The policy consists of two parts: (1) role-based access control that assigns rights according to the user roles and (2) instance-based extensions that utilize authorization rules that evaluate external access decision information (ADI).
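The two-part policy described above can be sketched as follows. This is an added example, not the method claimed in this document: the ADI element names, the roles, and the withdrawal limit are all assumptions, and the values are selected with the XPath subset in Python's standard library.

```python
import xml.etree.ElementTree as ET

# Part 1 of the policy: rights assigned per role (assumed role and action names).
ROLE_RIGHTS = {"teller": {"view", "withdraw"}, "auditor": {"view"}}
WITHDRAW_LIMIT = 5000  # assumed threshold for the instance-based rule


def authorize(adi_xml: str) -> bool:
    """Return True only if both the role check and the ADI rule pass."""
    # ADI comes from outside the engine: refuse DTDs and fail closed on bad XML.
    if "<!DOCTYPE" in adi_xml:
        return False
    try:
        root = ET.fromstring(adi_xml)
    except ET.ParseError:
        return False

    # Paths relative to the document element select the values to test.
    roles = {r.text.strip() for r in root.findall("./subject/role") if r.text}
    request = root.find("./request")
    if request is None:
        return False
    action = request.get("action")

    # Role-based part: some role held by the subject must grant the action.
    if not any(action in ROLE_RIGHTS.get(role, ()) for role in roles):
        return False

    # Instance-based part: evaluate a rule over this request's own data.
    if action == "withdraw":
        amount = (request.findtext("amount") or "").strip()
        if not amount.isdecimal() or len(amount) > 12 or int(amount) > WITHDRAW_LIMIT:
            return False
        # Attribute predicate: the target must be an account resource.
        if root.find("./resource[@type='account']") is None:
            return False
    return True


def make_adi(role: str, action: str, amount: str) -> str:
    """Build a constructed ADI document (demo input only, no escaping)."""
    return (f"<adi><subject id='u1'><role>{role}</role></subject>"
            f"<resource type='account'/>"
            f"<request action='{action}'><amount>{amount}</amount></request></adi>")


if __name__ == "__main__":
    for args in [("teller", "withdraw", "2500"), ("teller", "withdraw", "9000"),
                 ("auditor", "withdraw", "100")]:
        print(args, authorize(make_adi(*args)))
```

The role check and the ADI rule are independent gates, and every parsing or lookup failure denies access rather than granting it.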
In most applications, the authorization rule policy, syntax, and data are proprietary to a specific implementation. The administrator has to understand the syntax and the limitations of the variables of the implementation. Moreover, the implementation is not easily adapted to Web applications where XML is employed. When confronted with XML standard-based applications, such as ebXML, LegalXML, and XACML, communications protocol messages such as SOAP, or XML-based assertion, identity, or authority formats such as SAML, the existing rule implementation is limited to conditions where the rules engine must know or understand these formats in order to manipulate the data. This limitation of implementation imposes rules of translation upon the incoming data, which can be proprietary and intolerant to the data format or protocol.
Therefore, whenever a new data format is released, the implementation has to be changed to take it into account. This type of catering is a cumbersome task for users to maintain. It would therefore be advantageous to have an improved method, apparatus, and computer instructions for implementing the authorization rule policy that is more flexible in adapting to new applications that employ XML data, formats, and protocols.