1. Technical Field
The present invention relates generally to data access control in data processing system networks and in particular to content-specific access control. Still more particularly, the present invention relates to extending existing content-specific access control mechanisms for Web pages to other communications protocols.
2. Description of the Related Art
Conventional data access control is based on restricting access to specific servers, storage media (e.g., hard disk drives), directories, or files regardless of their content. That is, access to content is controlled by restricting access to the location of the content, such as by preventing a user from accessing (retrieving and viewing or executing) a file (or datastream) containing the content, rather than being based on the content itself. This type of access control generally involves setting file attributes within the file system or an access control list. However, such access control techniques are poorly suited for contemporary large scale publication of content on the Internet, where filenames (or streaming sources) are often generated electronically along with the content, and where content is frequently updated, so that tracking filenames for content to be restricted is extremely complicated. It is also impossible for an individual unaware of the content of particular files to determine whether access to such files should be restricted.
There currently exists, for HyperText Transmission Protocol (HTTP) based systems, the ability for browsers to regulate, control and restrict the browsing of Web page content according to classifications contained in the content labels embedded in web pages. The content labels within a HyperText Markup Language (HTML) document, for example, are contained within a META tag for the document:
<META http-equiv="PICS-Label" content='
(PICS-1.1 <service url> [option...]
  labels [option...] ratings (<category> <value> ...)
         [option...] ratings (<category> <value> ...)
         ...
 <service url> [option...]
  labels [option...] ratings (<category> <value> ...)
         [option...] ratings (<category> <value> ...)
         ...
 ...)
'>
The “PICS-1.1” reference is to a version of the content-labeling/rating protocol established by the Platform for Internet Content Selection, a working group affiliated with the World Wide Web Consortium (W3C). The protocol is described in greater detail at www.w3.org/PICS. Under this system, content labels are employed for either self-labeling by the content publisher or labeling by a rating service such as the Internet Content Rating Association (www.irca.org).
Content labels for HTML documents may be transmitted within the HTML document, with the HTML document in an HTTP (or other RFC-822-style protocol) header, or separately from the HTML document from a “label bureau,” which is typically just an off-the-shelf HTTP server running a special Common Gateway Interface (CGI) script. The labels from a label bureau may refer to any document that has an associated Uniform Resource Locator (URL), including those available through protocols other than HTTP, such as File Transfer Protocol (FTP), Gopher, or NetNews (see RFC-1738).
HTTP content labels are most frequently employed in filtering systems, such as those integrated with browsers to prevent children from inadvertently accessing sexually explicit or graphically violent material. Access to certain types of content identified by content label may be restricted. Privileged users of a system assign passwords to certain content label categories and non-privileged users must supply the correct password to view a web page containing content encompassed by a restricted category.
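The filtering decision described above, as an added example (not code from this document or from any PICS implementation): it extracts the PICS-Label META tag, parses the ratings for each service, and reports the categories that exceed a configured limit and would therefore require the password. The rating service URL, category names, limits and function names are hypothetical; only single numeric rating values are handled.

```python
import re
from html.parser import HTMLParser
class LabelFinder(HTMLParser):  # collects the content of each PICS-Label META tag
    labels = ()
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "pics-label":
            self.labels += (a.get("content") or "",)

def parse_ratings(label):
    """Return {service_url: {category: value}} for one PICS-1.1 label list."""
    tokens = re.findall(r'"[^"]*"|[()]|[^\s()"]+', label)
    if tokens[:2] != ["(", "PICS-1.1"]:
        raise ValueError("not a PICS-1.1 label list")
    ratings, service, prev, i = {}, None, None, 1
    while i < len(tokens):
        tok = tokens[i]
        # A quoted string right after the version or a closed group is a service URL.
        if tok.startswith('"') and prev in ("PICS-1.1", ")"):
            service = tok.strip('"')
            ratings.setdefault(service, {})
        elif tok in ("ratings", "r") and tokens[i + 1:i + 2] == ["("]:
            i += 2
            while tokens[i] != ")":  # IndexError if the group never closes
                ratings[service][tokens[i]] = float(tokens[i + 1])
                i += 2
        prev, i = tokens[i], i + 1
    return ratings

def restricted_categories(html, limits):
    """Categories rated above their limit; None when no usable label exists."""
    finder = LabelFinder()
    finder.feed(html)
    over, usable = set(), False
    for label in finder.labels:
        try:
            parsed = parse_ratings(label)
        except (ValueError, IndexError, KeyError):
            continue  # malformed label: skip it rather than trust it
        for service, cats in parsed.items():
            usable = usable or bool(cats)
            over |= {c for c, v in cats.items()
                     if v > limits.get(service, {}).get(c, float("inf"))}
    return sorted(over) if usable else None

# Constructed sample: the rating service URL and category names are hypothetical.
PAGE = ('<META http-equiv="PICS-Label" content=\'(PICS-1.1 "http://ratings.example/v1" '
        'labels for "http://site.example/a.html" ratings (violence 3 nudity 0))\'>')
LIMITS = {"http://ratings.example/v1": {"violence": 1, "nudity": 1}}
```

A return value of None separates "no usable label" from "labeled and within limits", so the caller can refuse unlabeled content instead of letting it through.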
Content-specific filtering is generally only enabled within the HTTP engine of a browser. Where only the browser on a system employs content-based filtering, it is possible for users to bypass the intent of the content restrictions when accessing non-HTTP data which does not contain content labels, or by utilizing non-HTTP protocols which do not support content restriction. For example, a user may retrieve binary image data containing sexually explicit content utilizing the FTP engine of a browser which does not provide content-based access control for non-HTTP protocols, or receive similar content as an attachment to an electronic mail message. Alternatively, a non-privileged user may simply utilize the Network News reader program which is normally distributed with browsers. Even if the newsreader supports content label-based access control, the privileged user (e.g., a parent) may not be sufficiently familiar with the Internet to understand that news groups also may contain sexually explicit or other undesirable material. These simple work-arounds can render existing browser content control methodologies ineffective.
It would be desirable, therefore, to allow privileged users, via password assignment, to further regulate, control, and restrict non-privileged users' ability to access, import, and export data external to the system or data within the system.