CN101164278A - XML document management method and system - Google Patents
- Publication number
- CN101164278A
- Authority
- CN
- China
- Prior art keywords
- xml document
- xdms
- document management
- identity
- xdmc
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a system for managing XML documents. The method comprises the following steps: an XML document management client (XDMC) sends an XML document management operation request to an XML document management server (XDMS) through the XCAP protocol; the XDMS judges whether the request is in delegation mode; when the request is in delegation mode, the XDMS determines whether to execute the operation requested by the XDMC according to the access permission information corresponding to the XML document. The system comprises an XML document management client and an XML document management server, is provided with an XML document management operation delegation checking and processing unit, and performs the corresponding processing of the XML document management operation requested by the client in authorized delegation mode. Delegated management of XML documents is thereby realized, making management operations on XML documents more flexible and convenient; at the same time, delegated access is controlled using the access permission information of the XML document, which ensures the security of access to users' XML documents, allows XML documents to be shared, and achieves precise access control over XML documents.
Description
Extensible Markup Language (XML) document management method and system
This application claims priority to the Chinese patent applications filed with the Patent Office of the People's Republic of China on February 10, 2006 and May 27, 2006, with application numbers 200610033602.2 and 200610060886.4 respectively, entitled "XML document management system and its method and XML document access control method" and "An XML document management method and system", the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of information technology, in particular to the processing of Extensible Markup Language (XML) documents, and specifically to a method and system for managing XML documents.
Background
An Extensible Markup Language (XML) Document Management (XDM) system is a general-purpose engine for multiple communication services and can store and manage the data of various services. The Open Mobile Alliance (OMA) has drawn up a preliminary specification for XDM systems. An XDM system mainly includes the following functional entities:
1. XDM client (XDMC): The XDM client is the entity that provides access to the XDM server. An XDM client can be a terminal or a server entity. An XML Configuration Access Protocol (XCAP) resource corresponds to an XML document, or to an element or attribute within an XML document, and is identified by an XCAP URI. The XDM client works with XML documents through XCAP operations; it should construct the URL of the resource on which an operation is requested according to the application usage, and can perform the following operations: create or replace a document; delete a document; get a document; create or replace an element; delete an element; get an element; create or replace an attribute; delete an attribute; get an attribute. For details of the XCAP protocol, see the Internet Engineering Task Force (IETF) specification "The Extensible Markup Language (XML) Configuration Access Protocol".
2. XDM server (XDMS): The Shared XDM server provides functions such as operation authorization, XML document management and XML document change notification. For example, the Shared XDM server stores users' shared URI List documents; a URI List contains groups, accept lists, reject lists and so on that are reused by different service engines.
3. Aggregation Proxy: The contact point through which an XDM client in user equipment accesses XML documents in an XDM server is called the Aggregation Proxy. Ordinary service engine servers access the XDM server without going through the Aggregation Proxy. The Aggregation Proxy performs the following functions: 1) it authenticates XDM clients; 2) it routes XCAP requests to the correct XDM server; 3) it performs compression/decompression at the radio interface.
In the prior art, the requester of an XML document management operation can only be the document owner. A user can perform on the XML documents they own the operations that the XDM system allows, such as deletion and modification, but a user cannot operate on the documents of other users. As shown in Fig. 1, an XDM system typically consists mainly of the following devices:
XDM client: The entity that accesses the XDM server; it may be a terminal or a server. When the XDM client is a terminal it interacts with the XDM server through the Aggregation Proxy; otherwise it interacts with the XDM server directly. The XDM client uses the XCAP protocol to manage the corresponding XML documents stored in an XDM server.
Aggregation Proxy: When the XDM client is a user equipment terminal, the Aggregation Proxy forwards the XCAP requests of the XDM client to the appropriate XDM server. The main functions of the Aggregation Proxy are routing, authentication, compression and so on.
XDM server: The XDM server stores and manages XML documents for multiple XDM clients, and sends a notification message to the clients that have subscribed to changes of a document when that document changes. However, in this system a document stored in the XDM server can only be operated on by the client representing the owner of that document; the owner cannot delegate other entities, such as other users or application servers, to operate on the XML document on their behalf, which is inconvenient for users. In many cases a delegation mechanism is needed that allows a client to delegate operations such as storing and managing its XML documents to the clients of other users, that is, allows the XDM clients of other users to manage XML documents on its behalf. The prior art also provides no mechanism for controlling access to XML documents.
Summary of the invention
An embodiment of the present invention provides an XML document management method comprising the following steps:
The XML document management server (XDMS) receives an XML document management operation request sent via the XCAP protocol;
The XDMS determines that the XML document management operation request is in delegation mode, and determines whether to perform the operation described in the request according to the access permission information corresponding to the XML document.
An embodiment of the present invention provides another XML document management method comprising the following steps:
The XML document management server (XDMS) receives an XML document management operation request sent via the XCAP protocol;
The XDMS checks whether the identity of the XDMC matches the identity of the owner of the document on which the operation is requested;
If so, the XDMS performs the operation requested by the XDMC; otherwise the XDMS performs an authorization check against the access permission information corresponding to the XML document to determine whether to perform the operation requested by the XDMC.
An embodiment of the present invention also provides an XML document management system comprising an XML document management client and an XML document management server, characterized in that the system is provided with an XML document management operation delegation inspection unit and a processing unit.
The inspection unit is used to check whether the XML document operation requested by the XML document management client is in authorized delegation mode.
The processing unit, when the inspection unit determines that the operation is in authorized delegation mode, performs the specific management operation on the XML document according to the delegation authorization rules.
Access permission information of the XML document is provided in the system; the XDMS determines according to this access permission information whether a specified entity has the authority to perform XDM operations on the XML document.
Preferably, for an operation request sent by an XDMC other than the owner of the document on which the operation is requested, the XDMS performs an authorization check against the access permission information of the XML document to determine whether to perform the operation requested by the XDMC.
An embodiment of the present invention also provides an XML document management server provided with an XML document management operation delegation inspection unit and a processing unit, including:
An inspection unit, used to check whether the XML document management operation requested by the XML document management client is in delegation mode;
A processing unit which, when the inspection unit determines that the operation is in authorized delegation mode, performs the specific management operation on the XML document according to the delegation authorization rules.
An embodiment of the present invention provides another XML document management method comprising the following steps:
The XML document management server (XDMS) receives a management operation request, sent by an XML document management client (XDMC), for an XML document or a specific part of it;
The XDMS obtains the identity information of the XDMC from the request, and determines according to the access permission information corresponding to the XML document whether to perform the operation requested by the XDMC with that identity.
In specific embodiments of the present invention, delegated management of XML documents is realized by granting delegation authorization to XDMC clients other than the XML document owner, which makes the management of XML documents more flexible and convenient; at the same time, delegated access is controlled using the access permission information of the XML document, which ensures the security of access to users' XML documents;
Because XML documents can be managed by delegation, sharing of XML documents can be realized effectively;
XDMC clients that meet the access conditions of an XML document are able to perform the specified operations on a specific part of the XML document, which achieves precise access control over XML documents.
Brief description of the drawings
The accompanying drawings described here are provided for a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not limit it. In the drawings:
Fig. 1 is a schematic diagram of the XML document management system of the prior art;
Fig. 2 is a schematic diagram of the XML document management system in embodiments of the invention;
Fig. 3 is a flow chart of the delegated management operation on an XML document in the first embodiment of the present invention;
Fig. 4 is a flow chart of the delegation mode check of the XML document management method in the second embodiment of the present invention;
Fig. 5 is a message flow chart of the XML document management method in the third embodiment of the present invention;
Fig. 6 is a message flow chart of the XML document management method in the fourth embodiment of the present invention.
Detailed description
The embodiments of the present invention are described below with reference to the accompanying drawings.
As shown in Fig. 2, an embodiment of the present invention provides an XML document management system. The system includes an XML document management client (XDMC) agent, an Aggregation Proxy and an XML document management server (XDMS). The XDMS side also has a delegation check and processing unit. Subscription/notification messages between the XDMC agent and the Aggregation Proxy, and between the Aggregation Proxy and the delegation check and processing unit and XDMS, are carried over the SIP/IP Core.
The XDMC agent sends an XCAP request to the Aggregation Proxy, and the Aggregation Proxy forwards the request to the XDMS. The XML document management operation delegation check and processing unit in the XDMS checks whether the XML document operation request is in authorized delegation mode and performs the corresponding processing of the XML document management operation requested by the XML document management client. The XDMS sends a confirmation message to the Aggregation Proxy, and the Aggregation Proxy returns the confirmation message to the XDMC agent.
The XML document management operation delegation check and processing unit can include: a delegation check module, used to check whether the XML document management operation requested by the XML document management client is in delegation mode; and an authorization processing module, used to judge whether the delegation mode determined by the delegation check module is an authorized delegation mode and, when it is, to perform the specific management operation on the specific part of the XML document according to the delegation authorization rules.
The above document management system can also include an XML document owner client. The XML document owner client is an XML document management client that is the actual owner of the XML document and is connected to the XDMS. The XML document owner client formulates delegation authorization rules and sends the delegation authorization rule document to the XDMS; the delegation authorization rules authorize the XDMC agent to perform the specified management operations on the specific part of the XML document.
In addition, the delegation authorization rule document can also be formulated, stored and run by the XDMS.
A delegation authorization rule includes: a requester identity field, which identifies the sender of the XML management operation request to which the rule corresponds; an operation object field, which identifies the XML document, or the specific element or attribute within it, to which the XML management operation applies; an operation type field, which identifies the type of the XML management operation; and an action field, which identifies the action the server takes after the rule is matched.
XDM delegation authorization rules are stored in an XML document. The document contains several rules, and each rule states who, as delegate, may perform which operations on which element or elements of the corresponding document.
The format of the XDM delegation authorization rule document can use a framework similar to the existing framework (see reference [COMMONPOL]). The document contains a root element <ruleset>; the root element <ruleset> contains several <rule> child elements, each representing one rule; each <rule> element contains <condition>, <action> and <transformation>. The <condition> element determines the conditions under which the rule is valid; the <action> element determines the action taken when the rule takes effect, for example allow, deny or pending confirmation; <transformation> represents the processing of information and is used here to specify the content of the XML document that is under access control.
The <condition> element mainly includes:
A) Identity: user identity, such as sip:zhangsan@huawei.com
B) Domain: domain, such as @example.com
C) Validity: validity period, such as 2005-8-1 8:00 ~ 2005-8-9 18:00
D) Sphere: position, such as home, work
The extension to the <action> element is as follows:
The <action> element contains at least, but is not limited to, one of the following:
<get> element: defines the action for GET operations;
<put> element: defines the action for PUT operations;
<delete> element: defines the action for DELETE operations;
<post> element: defines the action for POST operations;
These actions can include "allow", "deny" and "confirm", meaning allow, refuse and confirmation required respectively.
The <transformation> element contains several <xpath> child elements. The value of an <xpath> element is an XPath expression; the <xpath> elements are in a logical OR relation and specify the parts of the XML document that the visitor can access.
Alternatively, the authorization rule document can have another structure:
As in [COMMON-POLICY], the document contains a <ruleset> root element, which contains several <rule> elements.
A <rule> element contains three child elements: <condition>, <action> and <transformation>. On this basis, this embodiment adds a child element <method> to the <condition> element; the value of the <method> element includes at least, but is not limited to, one of GET, PUT, DELETE. A child element <xpath> is added to the <transformation> element to indicate which part of the XML this rule controls; its value is an XPath expression. The <transformation> element can have several <xpath> child elements, and the union of the parts of the XML document described by these <xpath> elements expresses which parts of the XML document the rule controls.
In a specific embodiment of the present invention, the XML document management system includes an XML document management client (XDMC), an Aggregation Proxy and an XML document management server (XDMS).
The XDMC sends an XCAP request to operate on an XML document to the Aggregation Proxy, and the Aggregation Proxy forwards the request to the corresponding XDMS. The XDMS checks whether the XML document operation request is in delegation mode. If the request was sent by the document owner, or if the delegation mode authorization check passes, the XDMS performs the XML document management operation requested by the XML document management client and then sends a confirmation message to the Aggregation Proxy, which returns the confirmation message to the XDMC.
In the above process, when the XDMS checks whether the XML document management operation request is in delegation mode, it first obtains the identity of the sender of the request message.
When the system is implemented on a 3GPP IMS network, the XDMS obtains the identity of the request sender from the X-3GPP-Asserted-Identity (or X-3GPP-Intended-Identity) field of the message header. Otherwise, when the request message passes through the Aggregation Proxy, the Aggregation Proxy inserts the requester's identity into the X-XCAP-Asserted-Identity field of the message header, and the XDMS obtains the identity of the request sender from the X-XCAP-Asserted-Identity field of the message header.
The XDMS can also include a delegation check module and a delegation authorization module. The delegation check module checks whether the identity of the XDMC that sent the XML document management operation request is that of the owner of the document on which the operation is requested: it obtains the identity of the requester from the request message sent by the XDMC, obtains the identity of the document owner from the XML document, and compares the two. If they match, the operation is allowed; otherwise the request is judged to be in delegation mode and is handed to the delegation authorization module. The delegation authorization module judges, according to the access permission information of the target document, whether the operation request is authorized; if the authorization check passes the XDMS performs the requested operation, otherwise it refuses the request.
The XDMC client of the XML document owner sets the access permission information of the XML document and sends it to the XDMS. The access permission information is used to authorize the XDMC of a party that is not the document owner to perform operations on the XML document or a specific part of it. The owner of a document is usually its creator. The identity of the owner of a document can typically be stored in the corresponding XML document.
The access permission information contains several permission rules for accessing the corresponding document. Each rule states who may perform which operations on which element or elements of the corresponding document, and includes: a requester identity condition field, which identifies the condition that the identity of the requester of the XML management operation must meet; an operation object field, which identifies the XML document, or the specific element or attribute within it, to which the XML management operation applies; an operation type field, which identifies the type of the XML management operation; and an action field, which identifies the action the server takes after the rule is matched.
XDM access permission information can be described in XML. It contains a root element <ruleset>; the root element <ruleset> contains several <rule> child elements, each representing one permission rule; each <rule> element contains three elements: <condition>, <action> and <transformation>. The <condition> element determines the conditions under which the rule is valid; the <action> element determines the action taken when the rule takes effect, for example allow, deny or confirmation required; <transformation> can specify the particular content part of the XML document to which access is requested.
The <condition> element can include:
A) Identity: user identity, such as sip:zhangsan@huawei.com
B) Domain: domain, such as @example.com
C) Validity: validity period, such as 2005-8-1 8:00 ~ 2005-8-9 18:00
D) Sphere: position, such as home, work
<action> mainly includes:
The <action> element contains at least, but is not limited to, one of the following:
<get> element: defines the action for GET operations;
<put> element: defines the action for PUT operations;
<delete> element: defines the action for DELETE operations;
<post> element: defines the action for POST operations;
<suspend> element: defines the action for suspend operations;
<resume> element: defines the action for resume operations;
<subscribe> element: defines the action for operations that subscribe to document changes.
The values of these actions can be "allow", "deny" and "confirm", meaning allow, refuse and confirmation required respectively.
The <transformation> element contains several <xpath> child elements. The value of an <xpath> element is an XPath expression; the <xpath> elements are in a logical OR relation and specify the parts of the XML document that the visitor can access.
Alternatively, the access permission information document can have another structure:
The document contains a <ruleset> root element, which contains several <rule> elements.
A <rule> element contains three child elements: <condition>, <action> and <transformation>. On this basis, this embodiment adds a child element <method> to the <condition> element; the value of the <method> element includes at least, but is not limited to, one of GET, PUT, DELETE, POST, SUSPEND, RESUME, SUBSCRIBE. The <transformation> element contains a child element <xpath> that indicates which part of the XML this rule controls; its value is an XPath expression. The union of the parts of the XML document described by these <xpath> elements expresses which parts of the XML document the rule controls.
Embodiment 1
Fig. 3 is a flow chart of the delegated management operation in the XML document management method of another embodiment of the present invention.
As shown in Fig. 3, after the XDMS receives an XDM operation request it makes the delegation mode determination: it checks whether the identity of the message sender matches the identity of the owner of the document being operated on. If they match, the request is in general mode; otherwise it is in delegation mode. A request in general mode is processed according to the prior-art flow. For a request in delegation mode, the XDMS obtains the access permission information of the requested document and performs the corresponding operation according to that access permission information.
Examples of the rules described in an XDM delegation authorization document follow:
Assume that the identity of delegator userA is sip:UserA@example.com and that the identity of delegate B is sip:userB@example.com. Assume that delegator user A has the following XML document stored in the XDMS:
http://xcap.example.com/services/resource-lists/users/sip:userA@example.com/friends.xml
<?xml version="1.0" encoding="UTF-8"?>
<resource-lists xmlns="urn:ietf:params:xml:ns:resource-lists">
  <list name="My-Close-Friends">
    <entry uri="sip:Andy@example.com">
      <display-name>Andy</display-name>
    </entry>
    <entry uri="sip:Simon@example.com">
      <display-name>Simon</display-name>
    </entry>
  </list>
  <list name="My-Middle-School-Classmates">
    <entry uri="sip:friend1@example.com">
      <display-name>Friend 1</display-name>
    </entry>
    <entry uri="sip:friend2@example.com">
      <display-name>Friend 1</display-name>
    </entry>
    <entry>
      <display-name>Friend 1</display-name>
    </entry>
  </list>
</resource-lists>
The XML document above describes two lists belonging to delegator A, one named "My-Close-Friends" and one named "My-Middle-School-Classmates". Assume that userA allows delegate userB to read or modify the contents of the list "My-Middle-School-Classmates". Then:
1) The child element <identity> of the <condition> element is:
<identity>
<one id="userB@example.com" scheme="sip"/>
</identity>
2) The <transformation> element contains the following child element:
<xpath>/resource-lists/list[@name="My-Middle-School-Classmates"]</xpath>
3) The <action> element is:
<operation>
<get>allow</get>
<put>deny</put>
<delete>deny</delete>
</operation>
The rule in the corresponding access permission information is as follows:
The <condition> element contains the identity of user B, which means the rule applies when the message sender is B;
The <action> element contains four child elements: the first allows read (GET) operations, the second forbids write (PUT) operations, the third forbids delete (DELETE) operations, and the fourth forbids POST operations;
The <transformation> element contains one <xpath> element, which uses an XPath expression to specify the part of the XML document to which this rule applies; here the rule applies to operations on the list named "My-Middle-School-Classmates" in the corresponding XML document.
<ruleset xmlns="urn:ietf:params:xml:ns:common-policy">
  <rule id="f3g44r3">
    <condition>
      <identity>
        <one id="userB@example.com" scheme="sip"/>
      </identity>
    </condition>
    <action>
      <get>allow</get>
      <put>deny</put>
      <delete>deny</delete>
      <post>deny</post>
    </action>
    <transformation>
      <xpath>/resource-lists/list[@name="My-Middle-School-Classmates"]</xpath>
    </transformation>
  </rule>
</ruleset>
In the delegation mode determination, an attribute field can also be added to the XCAP message to indicate whether the request is in delegation mode. The attribute field is placed in the message header; when the XDMS receives a message it obtains this attribute field and determines from it whether the request is in delegation mode.
Embodiment 2
Fig. 4 is a flow chart of the delegation mode check. As shown in Fig. 4, the process includes: obtaining the user identity of the message sender; obtaining the identity of the owner of the document on which the operation is requested; if the two identities match, the request is in general mode, otherwise it is in delegation mode.
In addition, the operations performed according to the access permission information can also include the following mode: the XML document management server sends information about the identity of the XML document management client to the XML document owner client and requests confirmation; after confirming, the XML document owner client returns the confirmation information to the XML document management server; if the confirmation result is authorization, the XML document management server performs the requested operation, otherwise it refuses to perform the requested operation.
Unless otherwise stated, the above schemes take as an example the case where the XDMC of the delegator or delegate is located in user equipment such as a mobile phone or computer. In addition, whether for the delegator or the delegate, when its XDMC is located in an application server it can send requests directly to the corresponding XDMS without going through the Aggregation Proxy; when its XDMC is located in a user terminal, its requests can be forwarded to the corresponding XDMS by the Aggregation Proxy.
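The delegation check of Embodiment 2 combined with the rule evaluation of Embodiment 1, as an added Python example that is not part of the patent text or of any XDM implementation. All function names are hypothetical, and the example assumes that the identity header carries a bare or quoted SIP URI, that the owner identity is passed in by the caller, that an <xpath> scope is checked by comparing selector steps as text, and that several matching rules are combined most-restrictive-first.

```python
import re
import xml.etree.ElementTree as ET

CP = "{urn:ietf:params:xml:ns:common-policy}"
# Two of the identity headers named on the page, in the order consulted here.
ID_HEADERS = ("x-3gpp-asserted-identity", "x-xcap-asserted-identity")
# One selector step: an element name followed by optional [predicates].
STEP = re.compile(r'[A-Za-z_][\w.:-]*(\[[^\]]*\])*')

# Constructed sample: the Embodiment 1 rule that lets userB read one list.
RULESET = """<ruleset xmlns="urn:ietf:params:xml:ns:common-policy">
  <rule id="f3g44r3">
    <condition><identity>
      <one id="userB@example.com" scheme="sip"/>
    </identity></condition>
    <action>
      <get>allow</get><put>deny</put><delete>deny</delete><post>deny</post>
    </action>
    <transformation>
      <xpath>/resource-lists/list[@name="My-Middle-School-Classmates"]</xpath>
    </transformation>
  </rule>
</ruleset>"""


def canon(uri):
    """Reduce a SIP identity to user@host with a lower-cased host."""
    uri = uri.strip().strip('"<>')
    if uri.lower().startswith("sip:"):
        uri = uri[4:]
    user, _, host = uri.rpartition("@")
    return f"{user}@{host.lower()}"


def requester(headers):
    """Identity asserted by the network or the Aggregation Proxy, or None."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ID_HEADERS:
        if lowered.get(name):
            return canon(lowered[name])
    return None


def steps(path):
    """Split a selector into steps; None if it holds '..', '//' or wildcards."""
    path = path.strip().replace("'", '"')
    parts = re.findall(r'/((?:[^/\[]|\[[^\]]*\])+)', path)
    if not parts or "/" + "/".join(parts) != path:
        return None
    return parts if all(STEP.fullmatch(p) for p in parts) else None


def in_scope(rule, target):
    """True if the target selector lies inside one of the rule's <xpath> scopes."""
    wanted = steps(target) if target else None
    if wanted is None:
        return False  # whole-document or unparseable target: outside any scope
    for xp in rule.iterfind(f"{CP}transformation/{CP}xpath"):
        scope = steps(xp.text or "")
        if scope and wanted[:len(scope)] == scope:
            return True
    return False


def decide(headers, method, target, owner, ruleset_xml):
    """Return 'allow', 'deny' or 'confirm' for one XCAP request."""
    who = requester(headers)
    if who is None:
        return "deny"   # no asserted identity: refuse
    if who == canon(owner):
        return "allow"  # general mode: the owner's own request
    # Delegation mode: authorize against the document's access permission rules.
    found = set()
    for rule in ET.fromstring(ruleset_xml).iterfind(f"{CP}rule"):
        ones = rule.iterfind(f"{CP}condition/{CP}identity/{CP}one")
        ids = {canon(f"{o.get('scheme', 'sip')}:{o.get('id', '')}") for o in ones}
        if who in ids and in_scope(rule, target):
            act = rule.find(f"{CP}action/{CP}{method.lower()}")
            text = (act.text or "").strip() if act is not None else "deny"
            # An operation the rule does not define, or an unknown value, is refused.
            found.add(text if text in ("allow", "confirm") else "deny")
    for verdict in ("deny", "confirm", "allow"):
        if verdict in found:
            return verdict
    return "deny"       # no rule matched the requester and the target
```

The decision relies on the identity header only because the page has the network or the Aggregation Proxy insert it; a deployment has to make sure a client-supplied copy of that header never reaches the XDMS.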
Embodiment 3
Fig. 5 is a message flow chart of the XML document management method of the third embodiment of the present invention.
User A delegates alumni record server S to maintain friend information on his behalf. When a classmate B of user A joins the alumni record of A's class, the server maintains for user A the buddy list stored in a certain XDMS and adds user B to the buddy list.
Referring to Fig. 5, the message flow of the XML document management method is as follows:
Step 501: User A's XDMC client sends an XCAP message to the Aggregation Proxy to set, in the XDMS that stores its buddy list, access permission information for alumni record server S, allowing the alumni record server to add friends to its buddy list "My Classmates".
Step 502: The Aggregation Proxy forwards this request to the corresponding XDMS server.
Step 503: The XDMS server sets user A's access permission information and returns an operation success response message to the Aggregation Proxy;
Step 505: After user B joins the alumni record of A's class, alumni record server S sends an XDM operation request to this XDMS in order to add user B to user A's buddy list.
Step 506: This XDMS performs the delegation mode determination flow described above: it obtains from the message the identity of the message sender, i.e. alumni record server S, and the identity of the owner A of the operation object, compares them, and determines from the comparison result that the request is in delegation mode.
Step 507: Using the message sender identity, operation object and operation type obtained from the message, this XDMS checks the permission rules in the access permission information that A has stored in this XDMS, determines that alumni record server S is authorized to perform this XDM operation on behalf of user A, and then adds user B to user A's buddy list as a friend.
Step 508: The XDMS sends an operation success response message to the alumni record server.
In step 501, when user A sets the access permission information on the corresponding XDMS, user A sends the following message to the corresponding XDMS:
PUT http://xcap.example.com/services/resource-lists/users/sip:userA@example.com/friends.xml/ruleset/rule HTTP/1.1
Content-Type: application/xcap-el+xml
Content-Length: (...)

<rule id="ck81">
  <conditions>
    <identity>
      <id>sip:alumni@exampleservice.com</id>
    </identity>
  </conditions>
  <actions>
    <get>allow</get>
    <put>allow</put>
    <delete>deny</delete>
  </actions>
  <transformations>
    <xpath>/resource-lists/list[@name="My-Middle-School-Classmates"]</xpath>
  </transformations>
</rule>
Here the <rule id="ck81"> element defines one permission rule, which has three child elements. The <conditions> element states the condition under which the rule applies: the rule applies when the requester of the message is the alumni record server indicated in the <id> element. The <actions> element states the action the XDM server takes when the rule applies: the first child element allows GET operations, the second allows PUT operations, and the third does not allow DELETE operations. Note that the rule does not say whether POST operations are allowed. In practice the XDM server can have a default action, and the usual default is to refuse, i.e. the server refuses to perform operations that are not defined. The <transformations> element states the operation object to which the rule applies, here the list named "My-Middle-School-Classmates" in the corresponding XML document.
Assume that the SIP address of the alumni record server S is sip:alumni@exampleservice.com and that the XCAP URI corresponding to user A's access permission information is
http://xcap.example.com/services/resource-lists/users/sip:userA@example.com/friends.xml/ruleset
Here sip:alumni@exampleservice.com is the identity of the authorized object and indicates that this access permission information defines access control for the alumni record server; <get>allow</get> allows the alumni record server to read; <put>allow</put> allows the alumni record server to perform PUT operations; <xpath>/resource-lists/list[@name="My-Middle-School-Classmates"]</xpath> allows the alumni record server to operate on the My-Middle-School-Classmates list. After receiving this message, the corresponding XDMS creates the XDM access permission condition information.
In step 505, the message sent when the alumni record server adds user B to A's buddy list is:
PUT http://xcap.example.com/services/shared-lists/users/sip:userA@example.com/friends.xml/~~/resource-lists/list%5b@name=%22My_friends%22%5d/entry HTTP/1.1
Content-Type: application/xcap-el+xml
Content-Length: (...)

<entry uri="sip:friend2@example.com">
  <display-name>Friend2</display-name>
</entry>
From this message the XDMS obtains the identity of the message issuer, "sip:alumni@exampleservice.com", and the identity of the owner of the document on which the operation is requested, "sip:userA@example.com". It compares the two identities, finds that they differ, and judges that this XDM operation request is in delegation mode. Then, referring to the XDM access permission information set in step 1), it determines that the alumni record server S is authorized to perform this operation, and the XDMS performs the XDM operation. In addition, if the alumni record server S is located in the same local network as the XDMS operator or in a trusted network, communication between the two need not go through the Aggregation Proxy.
Alternatively, on receiving a request message the XDMS may skip judging whether the XDMC's identity matches the document owner and instead decide directly from the XML document access permission information whether the operation can be performed. This comprises the following steps: the XDMS judges whether the XML document access client requesting access to the XML document satisfies the XML document access permission condition; if so, it performs the requested management operation on the XML document or its specific part, otherwise it refuses the requested operation. By default, the access permission condition information grants the document owner all operation rights.
An immediate-confirmation mode can also be used: the relevant information of the XML document access client that requests an access operation on the XML document, together with the information on the requested operation, is sent to the XML document owner's client for confirmation, and the confirmation returned by the owner's client is received. If the confirmation result is to allow, the XDMS performs the requested operation; otherwise it refuses to perform it.
The XML document access permission condition can include, but is not limited to, one of the following: an identity condition on the XML document access client; a defined validity-period condition; a condition on the requester's location information; and so on, for example the Identity, Domain, Validity and Sphere conditions listed in the first embodiment. It can also include a specified specific part of the XML document, which can be identified with XPath. An XML document access client that satisfies the XML document access condition can perform the requested operation on the XML document or its specific part. The access operations that can be performed are the read operation HTTP GET, the write operation HTTP PUT, the delete operation HTTP DELETE, the search operation HTTP POST, and so on. After the operation has been performed successfully, the XDMS sends the execution result information to the XML document access client XDMC.
Embodiment 4
Through XDMC client A, user A sets the access permission information on the XDMS for the XML document friends.xml, authorizing user B to perform access operations on friends.xml. Through XDMC client B, user B sets up a buddy list for user A in the XML document friends.xml.
As shown in Fig. 6, the message flow of the fourth embodiment of the present invention is as follows:
601. User A logs in to XDMC client A and sets the access permission information of the document friends.xml owned by user A; the access permission information is sent to the Aggregation Proxy in an HTTP PUT message;
602. The Aggregation Proxy forwards the request to the XDMS;
603. The XDMS sets the permission information of the XML document friends.xml and returns to the Aggregation Proxy a response message indicating that the operation succeeded;
604. The Aggregation Proxy sends the response message to XDMC client A;
605. User B logs in to XDMC client B and, through the Aggregation Proxy, sends the XDMS a request message to set up a buddy list in the XML document owned by user A;
606. The XDMS receives the request message, obtains the identity of the message requester and the identity of the owner of the requested target XML document, and judges that the two identities do not match, so the operation is in delegation mode; it then performs an authorization check according to the access permission information of the target XML document;
607. After the check passes, the XDMS performs the requested operation;
608. The XDMS sends the execution result information to the XDMC client through the Aggregation Proxy.
In step (1) above, the request message is:
PUT /services/resource-lists/users/sip:userA@example.com/friends.xml/ruleset HTTP/1.1
Content-Type: application/xcap-el+xml
Content-Length: (...)

<ruleset xmlns="urn:ietf:params:xml:ns:common-policy">
  <rule id="ck61">
    <conditions>
      <identity>
        <id>sip:userB@example.com</id>
      </identity>
    </conditions>
    <actions>
      <get>allow</get>
      <put>allow</put>
      <subscribe>allow</subscribe>
    </actions>
  </rule>
</ruleset>
In the message above, the <identity> child element of the <conditions> element indicates that the authorized object is user B. Among the child elements of the <actions> element, <get>allow</get> allows user B to perform HTTP GET operations on the XML document friends.xml, <put>allow</put> allows user B to perform HTTP PUT operations on friends.xml, and <subscribe>allow</subscribe> allows user B to subscribe to changes of friends.xml. Other operations that are not specified in the <actions> element are not allowed by default.
In step 605 above, the message sent by XDMC client B is:
PUT /services/resource-lists/users/sip:userA@example.com/friends.xml/~~/resource-lists/list%5b@name=%22My_Friends%22%5d/ HTTP/1.1
Content-Type: application/xcap-el+xml
Host: xcap.example.com

<list name="My_Friends">
  <entry uri="sip:john@example.com">
    <display-name>John Smith</display-name>
  </entry>
  <entry uri="sip:nancy@example.com">
    <display-name>Nancy Cliton</display-name>
  </entry>
  <entry uri="sip:tom@example.com">
    <display-name>Tom Cruise</display-name>
  </entry>
</list>
That is, the request adds three friend entries. In step 606 above, the XDMS extracts the requester identity sip:userB@example.com from the request message and obtains the owner identity sip:userA@example.com of the requested target document. The two identities do not match, so the XDMS performs an authorization check on requester user B according to the access permission information set in step (1) above. From the access permission rules in that permission information, the XDMS determines that requester user B has permissions such as reading, creating and modifying the target document friends.xml, and the XDMS therefore allows the operation request to be performed.
In step 607 above, the XDMS performs the requested operation according to the result of step 606 and adds the buddy list specified in the message to the friends.xml document owned by user A.
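The decision flow of steps 506-507 and 606 (compare the asserted requester identity with the document owner, then consult the owner's rules with refusal as the default) can be implemented as follows. This is an added example, not code from the patent: the function names, the `ims_gaa` flag, the prefix-based scope check and the deny-over-allow precedence are assumptions, and the ruleset is a constructed sample modelled on rules ck81 and ck61.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = "{urn:ietf:params:xml:ns:common-policy}"
ACTIONS = {"GET": "get", "PUT": "put", "DELETE": "delete", "POST": "post"}

# Constructed sample ruleset for friends.xml owned by sip:userA@example.com,
# modelled on rules ck81 (Embodiment 3) and ck61 (Embodiment 4).
RULESET = """<ruleset xmlns="urn:ietf:params:xml:ns:common-policy">
  <rule id="ck81">
    <conditions><identity><id>sip:alumni@exampleservice.com</id></identity></conditions>
    <actions><get>allow</get><put>allow</put><delete>deny</delete></actions>
    <transformations>
      <xpath>/resource-lists/list[@name="My-Middle-School-Classmates"]</xpath>
    </transformations>
  </rule>
  <rule id="ck61">
    <conditions><identity><id>sip:userB@example.com</id></identity></conditions>
    <actions><get>allow</get><put>allow</put><subscribe>allow</subscribe></actions>
  </rule>
</ruleset>"""


def requester_identity(headers, ims_gaa=False):
    """Return the asserted requester identity, or None if it is absent.

    Assumption: these headers were inserted by the Aggregation Proxy and any
    client-supplied copies were stripped before the request reached the XDMS.
    """
    names = (("X-3GPP-Asserted-Identity", "X-3GPP-Intended-Identity")
             if ims_gaa else ("X-XCAP-Asserted-Identity",))
    for name in names:
        value = headers.get(name, "").strip().strip('"')
        if value:
            return value
    return None


def split_target(path):
    """Split an XCAP request path into (document owner, node selector).

    The path is split before percent-decoding so that an encoded '/' cannot
    move the owner segment.
    """
    doc, _, node = path.partition("/~~")
    match = re.search(r"/users/([^/]+)/", doc)
    owner = unquote(match.group(1)) if match else None
    return owner, unquote(node).rstrip("/")


def in_scope(node, scope):
    """True if the requested node lies at or below the rule's XPath scope."""
    return scope is None or node == scope or node.startswith(scope + "/")


def authorize(method, path, headers, ruleset_xml, ims_gaa=False):
    """Return 'allow' or 'deny' for one XCAP request."""
    requester = requester_identity(headers, ims_gaa)
    owner, node = split_target(path)
    action = ACTIONS.get(method.upper())
    if not requester or not owner or not action:
        return "deny"
    if requester == owner:
        return "allow"  # not delegation: the owner holds all rights
    verdicts = set()    # delegation mode: consult the owner's rules
    for rule in ET.fromstring(ruleset_xml).iter(NS + "rule"):
        ids = {e.text.strip() for e in rule.iter(NS + "id") if e.text}
        scope = rule.findtext(f"{NS}transformations/{NS}xpath")
        if requester in ids and in_scope(node, scope and scope.strip()):
            verdict = rule.findtext(f"{NS}actions/{NS}{action}")
            if verdict:
                verdicts.add(verdict.strip())
    # Undefined operations are refused; an explicit deny or an unknown value
    # overrides allow (this precedence is a choice of the example).
    return "allow" if verdicts == {"allow"} else "deny"
```

A rule whose `<id>` differs from the asserted identity by even one character never matches, so the request falls through to the default refusal.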
The embodiments described above serve to illustrate and explain the principle of the present invention. It should be understood that the embodiments of the present invention are not limited to them. For those skilled in the art, various changes and modifications made without departing from the spirit and scope of the invention fall within the protection scope of the present invention. The protection scope of the present invention is therefore determined by the claims.
Claims (1)
1. An XML document management method, characterized in that it comprises the following steps: an XML document management server (XDMS) receives an XML document management operation request sent via the XCAP protocol; the XDMS determines that the XML document management operation request is in delegation mode; and the XDMS determines, according to the access permission information corresponding to the XML document, whether to perform the operation described in the request.
2. The method of claim 1, characterized in that the step of determining that the XML document management operation request is in delegation mode comprises: the XDMS obtains, from the XML document management operation request, the identity of the XDMC that sent the request and the identity of the target document owner; the XDMS judges that the identity of the XDMC that sent the request does not match the identity of the target document owner.
3. The method of claim 2, characterized in that the XDMS obtaining, from the XML document management operation request, the identity of the XDMC that sent the request is specifically: when implemented in a 3GPP IMS network and the GAA mechanism is provided, the identity of the XDMC is obtained by the XDMS from the X-3GPP-Asserted-Identity or X-3GPP-Intended-Identity in the request message; otherwise it is obtained from the X-XCAP-Asserted-Identity in the request message.
4. The method of claim 1, characterized in that the XML document management operation request carries a delegation flag, and determining that the XML document management operation request is in delegation mode is specifically: the XDMS determines from the delegation flag that the XML document management operation request is in delegation mode.
5. The method of claim 2, characterized in that the access permission information includes: an identity, an action field and an operation type field; the XDMS determines whether to perform the operation requested by the XDMC according to the action field and operation type field that correspond, in the access permission information, to the identity of the XDMC that sent the operation request.
6. The method of claim 5, characterized in that the action field corresponding to each identity in the access permission information includes at least one of: allow, refuse, confirmation required; and the operation type field corresponding to each identity includes at least one of: read operation, create operation, modify operation, delete operation, search operation, pending operation, recovery operation and subscribe operation.
7. The method of claim 5, characterized in that the access permission information further includes information specifying the specific part of the XML document on which operations are permitted; according to that information, the XDMS operates on the specific part of the XML document to which the XML document management operation request corresponds, wherein the specific management operations on the XML document include at least one of the following: read operation HTTP GET, write operation HTTP PUT, delete operation HTTP DELETE, search operation HTTP POST.
8. The method of claim 7, characterized in that the specific part of the XML document is represented by an XPath expression.
9. The method of any one of claims 1 to 8, further comprising: the XDMC sets the access permission information corresponding to the XML document on the XDMS in advance via the XCAP protocol.
10. An XML document management method, characterized in that it comprises the following steps: an XML document management server (XDMS) receives an XML document management operation request sent via the XCAP protocol; the XDMS checks whether the identity of the XDMC matches the identity of the owner of the document on which the operation is requested; if so, the XDMS performs the operation requested by the XDMC; otherwise the XDMS performs an authorization check according to the access permission information corresponding to the XML document to determine whether to perform the operation requested by the XDMC.
11. The method of claim 10, characterized in that the identity of the XDMC is obtained by the XDMS from the request message sent by the XDMC.
12. The method of claim 10, characterized in that, when implemented in a 3GPP IMS network and the GAA mechanism is provided, the identity of the XDMC is obtained by the XDMS from the X-3GPP-Asserted-Identity or X-3GPP-Intended-Identity in the request message; otherwise it is obtained from the X-XCAP-Asserted-Identity in the request message.
13. An XML document management system, including an XML document management client and an XML document management server, characterized in that an XML document management operation delegation inspection unit and a processing unit are provided in the system; the inspection unit is for verifying whether the XML document operation requested by the XML document management client is in authorized delegation mode; the processing unit, when the inspection unit determines that the operation is in authorized delegation mode, performs the specific management operation on the XML document according to the delegation authorization rules.
14. The system of claim 13, characterized in that access permission information for the XML document is provided in the system, and the XDMS determines from the access permission information whether a designated entity has the right to perform XDM operations on the XML document.
15. The system of claim 14, characterized in that, for operation requests sent by XDMCs other than the owner of the document on which the operation is requested, the XDMS performs an authorization check according to the access permission information of the XML document to determine whether to perform the operation requested by the XDMC.
16. The system of claim 13, characterized in that the XML document management operation delegation inspection unit and the processing unit are arranged in the XDMS, for checking whether the identity of the XDMC that sent the XML document management operation request is that of the owner of the document on which the operation is requested, in order to judge whether the requested XML document operation is in authorized delegation mode, and for judging from the access permission information of the target document whether the operation request is authorized.
17. An XML document management server, characterized in that an XML document management operation delegation inspection unit and a processing unit are provided, including: an inspection unit, for checking whether the XML document management operation requested by an XML document management client is in delegation mode; and a processing unit which, when the inspection unit determines that the operation is in authorized delegation mode, performs the specific management operation on the XML document according to the delegation authorization rules.
18. An XML document management method, characterized in that it comprises the following steps: an XML document management server (XDMS) receives a management operation request, sent by an XML document management client (XDMC), on an XML document or a specific part of it; the XDMS obtains the XDMC's identity information from the request and determines, according to the access permission information corresponding to the XML document, whether to perform the operation requested by the XDMC to which the identity corresponds.
19. The method of claim 18, characterized in that the access permission information includes: the identity of the XML document access client, an action field and an operation type field; the XDMS obtains the action field and operation type field corresponding to the identity of the XDMC that sent the operation request, and determines from the action and the operation type whether to perform the operation requested by the XDMC to which the identity corresponds.
20. The method of claim 19, characterized in that, when implemented in a 3GPP IMS network and the GAA mechanism is provided, the identity of the XDMC is obtained by the XDMS from the X-3GPP-Asserted-Identity or X-3GPP-Intended-Identity in the request message; otherwise it is obtained from the X-XCAP-Asserted-Identity in the request message.
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200610033602A CN1859402B (en) | 2006-02-10 | 2006-02-10 | XML file manging system and its method, and control method for XML file access |
CN200610033602.2 | 2006-02-10 | ||
CN200610060886.4 | 2006-05-27 | ||
PCT/CN2006/003659 WO2007090332A1 (en) | 2006-02-10 | 2006-12-29 | A method and system for managing xml document |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101164278A true CN101164278A (en) | 2008-04-16 |
Family
ID=37298264
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200610033602A Active CN1859402B (en) | 2006-02-10 | 2006-02-10 | XML file manging system and its method, and control method for XML file access |
CNA200680013175XA Pending CN101164278A (en) | 2006-02-10 | 2006-12-29 | XML document management method and system |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200610033602A Active CN1859402B (en) | 2006-02-10 | 2006-02-10 | XML file manging system and its method, and control method for XML file access |
Country Status (1)
Country | Link |
---|---|
CN (2) | CN1859402B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101719909B (en) * | 2009-11-23 | 2012-05-02 | 烽火通信科技股份有限公司 | Method for realizing XCAP client in home gateway |
CN101795259B (en) * | 2009-02-03 | 2012-10-17 | 华为技术有限公司 | Method for creating entity tag and user data center |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2007090332A1 (en) | 2006-02-10 | 2007-08-16 | Huawei Technologies Co. , Ltd. | A method and system for managing xml document |
WO2008093781A1 (en) * | 2007-02-02 | 2008-08-07 | Sony Corporation | Information processing device, method, and program |
CN101878633A (en) | 2007-11-30 | 2010-11-03 | 爱立信电话股份有限公司 | Method and apparatus for use in xml document management architecture |
CN101286875B (en) * | 2008-03-31 | 2011-11-16 | 华为技术有限公司 | Method, system, device and terminal for batch processing XML document |
WO2010000319A1 (en) * | 2008-07-03 | 2010-01-07 | Telefonaktiebolaget Lm Ericsson (Publ) | Communicating configuration information in a communications network |
CN101626365B (en) * | 2008-07-11 | 2013-03-27 | 中兴通讯股份有限公司 | Directory server and system and method for realizing LDAP extended operation |
US8938668B2 (en) * | 2011-08-30 | 2015-01-20 | Oracle International Corporation | Validation based on decentralized schemas |
CN103684789B (en) * | 2013-12-14 | 2017-01-04 | 中国航空工业集团公司第六三一研究所 | The identity identifying method based on XML of onboard networks service system application |
CN104331522B (en) * | 2014-11-28 | 2018-03-30 | 迈普通信技术股份有限公司 | OEM information method for customizing and OEM equipment |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE60232359D1 (en) * | 2001-11-23 | 2009-06-25 | Research In Motion Ltd | SYSTEM AND METHOD FOR PROCESSING DOCUMENTS IN EXPANDABLE MARKING LANGUAGE (XML) |
NO20024840L (en) * | 2002-05-31 | 2003-12-01 | Telenor Asa | Method and apparatus in a telecommunications network |
EP1462949A1 (en) * | 2003-03-22 | 2004-09-29 | Cegumark AB | A system and method relating to access of information |
CN100334832C (en) * | 2003-12-10 | 2007-08-29 | 联想(北京)有限公司 | Method for intelligent sharing file resources wireless network grids |
Also Published As
Publication number | Publication date |
---|---|
CN1859402B (en) | 2010-05-12 |
CN1859402A (en) | 2006-11-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |