Rule Based Infrastructure: A Design and Runtime System for Enabling XML Schema Driven Applications

Organizations that wish to decentralize their information processing have significant hurdles to overcome. When information processing is centralized, it is relatively easy to enforce organizational policies for creating and updating records because few individuals actually touch or update core information systems. Decentralizing this type of process increases an information system's user base (and value) but dramatically increases the complexity of enforcing organizational policies. Role Based Access Control (RBAC) has been an effective solution for decreasing the complexity of managing large numbers of users.

Applying RBAC within individual information systems is relatively straight forward. However, applying RBAC across multiple relying applications to discrete pieces of information such as a social security or credit card number is not an easy task. A decentralized information processing system must allow fine grained access control over the organization's information.

We use W3C XML Schema (WXS), the eXtensible Access Control Markup Language (XACML), and web services to enable organizations to define fine-grained (data level) access control policies in a network of distributed applications. Information rules and policies are expressed separately and transparently merged to dynamically generate user interfaces that enforce the appropriate policies when sensitive data items are to be captured or displayed.