A General Approach for Securely Querying and Updating XML Data
Over the past years several works have proposed access control models for XML data where only read-access rights over non-recursive DTDs are considered. A few amount of works have studied the access rights for updates. In this paper, the authors present a general model for specifying access control on XML data in the presence of update operations of W3C XQuery Update Facility. Their approach for enforcing such updates specifications is based on the notion of query rewriting where each update operation defined over arbitrary DTD (recursive or not) is rewritten to a safe one in order to be evaluated only over XML data which can be updated by the user.