CN1859402A - XML file managing system and its method, and control method for XML file access - Google Patents

Publication number
CN1859402A
Authority
CN
China
Prior art keywords
xml document
client
document management
rule
bookkeeping
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200610033602
Other languages
Chinese (zh)
Other versions
CN1859402B (en)
Inventor
鲍洪庆
招扬
田林一
孙谦
宋雪飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN200610033602A priority Critical patent/CN1859402B/en
Publication of CN1859402A publication Critical patent/CN1859402A/en
Priority to CNA200680013175XA priority patent/CN101164278A/en
Priority to EP06840689A priority patent/EP1983683B1/en
Priority to AT06840689T priority patent/ATE475234T1/en
Priority to PCT/CN2006/003659 priority patent/WO2007090332A1/en
Priority to DE602006015706T priority patent/DE602006015706D1/en
Priority to KR1020087021772A priority patent/KR101008121B1/en
Priority to US11/969,603 priority patent/US8812696B2/en
Application granted granted Critical
Publication of CN1859402B publication Critical patent/CN1859402B/en
Priority to US14/326,054 priority patent/US9208336B2/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The present invention relates to a delegated management method for XML documents. The method comprises: (1) an XML document management client sends an XML document management operation request to an XML document management server; (2) the XML document management server receives the request and determines whether it satisfies the validity condition of a delegation authorization rule for the XML document management operation; (3) if the request satisfies the validity condition of the delegation authorization rule, the server executes the XML document management operation specified by the rule; otherwise it executes unauthorized-delegation handling. The invention effectively realizes delegated management operations on XML documents.

Description

XML document management system and method thereof, and XML document access control method
Technical field
The present invention relates to the management of XML documents, and in particular to the delegated management of XML documents.
Background technology
The XML (Extensible Markup Language) document management (XDM) system is a common enabler for multiple services; it can store and manage the data of various enablers. The XDM system mainly comprises the following functional entities:
1. XDM client (XDMC): the XDM client is the entity that provides access to the different XDM servers. It may be a terminal or a server entity. The XDM client is the entity that accesses XCAP resources in an XDM server. XCAP resources correspond to the elements and attributes of an XML document, and each XCAP resource is identified by an HTTP URI. The XDM client operates on XML documents through HTTP operations, and constructs the request URI according to the application usage in use. The following operations can be performed: create or replace a document; delete a document; fetch a document; create or replace an element; delete an element; fetch an element; create or replace an attribute; delete an attribute; fetch an attribute.
2. Shared XDM server (XDMS): the shared XDM server provides authentication, management and notification functions. It supports URI lists, which comprise groups, accept lists and reject lists that are reused by different service enablers.
3. Enabler-specific functional entities, comprising:
1) The enabler-specific XDM server, which mainly provides the following functions:
Authenticating SIP or XCAP requests;
Managing enabler-specific XML documents;
Aggregating change notifications for multiple documents in the enabler-specific XDM server;
Notifying subscribers of changes to enabler-specific XML documents of this kind stored in the network.
2) The enabler-specific server, which is the service server of each service enabler.
4. Aggregation Proxy: the contact point through which an XDM client on user equipment accesses the XML documents on the XDM servers is called the Aggregation Proxy. The Aggregation Proxy performs the following functions:
1) Authenticating the XDM client.
2) Routing XCAP requests to the correct XDM server.
3) Supporting charging (optional).
4) Supporting compression/decompression over the radio interface.
5. SIP/IP Core: the SIP/IP Core is a network of servers, for example proxies and registrars, that provides the XDM system with multiple services such as routing, authentication and compression.
In the prior art, configuration information must be set by the XDM client itself; there is no delegation mechanism. As shown in Fig. 1, a typical system for setting configuration information mainly consists of the following devices:
A) XDM client: the entity that accesses the different XDM servers; it may be a terminal or a server. When the XDM client is a terminal, it interacts with the XDM server through the Aggregation Proxy; otherwise it interacts with the XDM server directly. The XDM client uses the XCAP protocol to manage the corresponding XML documents stored on an XDM server.
B) Aggregation Proxy: when the XDM client is a user-equipment terminal, its XCAP requests are forwarded to the appropriate XDM server by the Aggregation Proxy, whose main functions are routing, authentication, charging and compression.
C) XDM server: the XDM server stores and manages XML documents for multiple XDM clients, and sends notification messages to clients that have subscribed to changes of a document when that document changes; the XDM server also provides authentication.
The shortcoming of this existing system is that an XDM client can only operate by itself on the XML documents it has stored on an XDM server; when it is inconvenient for the XDM client to perform the operation itself, it cannot delegate another entity to operate on its behalf, which is inconvenient for the user.
In many situations, however, a proxy mechanism is needed that allows a client to delegate operations such as storing and managing its XML documents to other clients, that is, to let other XDM clients store or manage its XML documents for it. Moreover, the prior art has no mechanism for controlling access to XML documents.
Summary of the invention
One object of the present invention is to provide a method by which an XDM client can delegate other entities to perform XDM operations, so that the XDM client can carry out XDM operations conveniently.
To achieve this object, the technical solution adopted by the present invention is an XML document management method comprising the steps of: (1) an XML document management client sends an XML document management operation request to an XML document management server; (2) the XML document management server receives the XML document management operation request of the XML document management client and determines whether the request satisfies the validity condition of the delegation authorization rule for the XML document management operation; (3) when the request of the XML document management client satisfies the validity condition of the delegation authorization rule, the XML document management operation specified by the rule is executed; otherwise the unauthorized-delegation handling procedure is executed.
Preferably, the XML document management operation specified by the rule comprises: a specific management operation on a specific part of the XML document.
Another object of the present invention is to provide a system in which an XDM client can delegate other entities to perform XDM operations.
To achieve this object, the technical solution adopted by the present invention is an XML document management system comprising an XML document management client and an XML document management server, the client being connected to the server. An XML document management operation delegation checking and processing unit is also provided between the XML document management client and the XML document management server; this unit verifies whether the XML document operation requested by the client is in authorized delegation mode, and performs the corresponding processing of the XML document management operation requested by the client.
Preferably, the XML document management operation delegation checking and processing unit comprises: a delegation checking module, for checking whether the XML document management operation requested by the XML document management client is in delegation mode; and an authorization processing module, for determining whether the delegation mode identified by the delegation checking module is an authorized delegation mode and, when it is, performing the specific management operation on the specific part of the XML document according to the delegation authorization rule.
A third object of the present invention is to provide an XML access control method corresponding to the above XML document management method and XML document management system.
To achieve this object, the technical solution adopted by the present invention is an XML document access control method comprising: Step A: determine whether the XML document access client requesting access to the XML document satisfies the XML document access condition; if so, carry out (2), otherwise exit this processing procedure. Step B: according to the specified access operations that an XML document access client satisfying the XML document access condition may perform on a specific part of the XML document, perform the specified XML document access operation that the client requests on that specific part of the XML document.
The technical effects of the present invention are as follows:
1. By granting delegation authorization to management clients other than the XML document owner, the present invention realizes delegated management operations on XML documents, making the management of XML documents more flexible and convenient;
2. Because the present invention allows XML documents to be managed by delegation, shared management of XML documents can be realized effectively;
3. The present invention allows an XML document access client that satisfies the XML document access condition to perform specified operations on a specific part of an XML document, thereby realizing precise access control over XML documents.
Description of drawings
Fig. 1 is a schematic diagram of the XML document management system of the prior art;
Fig. 2 is a schematic diagram of the XML document management system of one embodiment of the present invention;
Fig. 3 is a flow chart of the delegated XML document management operation in the XML document management method of another embodiment of the present invention;
Fig. 4 is a flow chart of the delegation mode check in the XML document management method of the embodiment of Fig. 3;
Fig. 5 is a message flow chart of the XML document management method of the third embodiment of the present invention.
Embodiment
Fig. 2 is a schematic diagram of the XML document management system of one embodiment of the present invention.
As shown in the figure, the XML document management system comprises an XML document management client (XDMC) agent, an Aggregation Proxy and an XML document management server (XDMS), with a delegation checking and processing unit at the XDMS end. Message subscription between the XDMC agent and the Aggregation Proxy, and between the Aggregation Proxy and the delegation checking and processing unit and the XDMS, is realized through the SIP/IP Core.
The XDMC agent sends an XCAP request to the Aggregation Proxy, and the Aggregation Proxy forwards the request to the XDMS. The delegation checking and processing unit in the XDMS verifies whether the XML document operation request is in authorized delegation mode and performs the corresponding processing of the XML document management operation requested by the XML document management client. The XDMS then sends a response message to the Aggregation Proxy, which returns it to the XDMC agent.
The XML document management operation delegation checking and processing unit comprises: a delegation checking module, for checking whether the XML document management operation requested by the XML document management client is in delegation mode; and an authorization processing module, for determining whether the delegation mode identified by the delegation checking module is an authorized delegation mode and, when it is, performing the specific management operation on the specific part of the XML document according to the delegation authorization rule.
The above document management system may also comprise an XML document owner client. This is an XML document management client that is the actual owner of the XML document and is connected to the XDMS. The XML document owner client formulates the delegation authorization rule and sends the delegation authorization rule document to the XDMS; the delegation authorization rule authorizes the XDMC agent to perform specified management operations on a specific part of the XML document.
In addition, the delegation authorization rule document may also be formulated, stored and operated by the XDMS.
The delegation authorization rule comprises: a requester identification field, which identifies the sender of the XML management operation request to which the rule applies; an operation object field, which identifies the XML document, or the specific element or attribute within it, that the XML management operation targets; an operation type field, which identifies the type of the XML management operation; and an action field, which identifies the action the server takes once the rule has matched.
XDM delegation authorization rules are kept in an XML document. The document contains several rules, and each rule states which delegate may perform which operations on which element or elements of the corresponding document.
The format of the XDM delegation authorization rule document can adopt a framework similar to the existing mechanism framework (see reference [COMMONPOL]). The document has a root element <ruleset>, which contains a number of <rule> child elements, each representing one rule. Each <rule> element contains three elements: <condition>, <action> and <transformation>. The <condition> element determines the validity condition of the rule. The <action> element determines the action taken when the rule takes effect, for example allow, refuse, or wait for confirmation. The <transformation> element expresses how the information is processed; here it is used to specify the content of the XML document that is subject to access control.
The <condition> element mainly comprises:
A) Identity: the user identity, for example sip:zhangsan@huawei.com
B) Domain: the domain, for example @example.com
C) Validity: the validity period, for example 2005-8-18:00~2005-8-9 18:00
D) Sphere: the location, for example home, work
The <action> element is extended as follows:
The <action> element includes, but is not limited to, at least one of the following:
<get> element, which defines the action for the GET operation;
<put> element, which defines the action for the PUT operation;
<delete> element, which defines the action for the DELETE operation;
<post> element, which defines the action for the POST operation;
These actions can be "allow", "deny" and "confirm", meaning allow, refuse and require confirmation respectively.
The <transformation> element contains a number of <xpath> child elements. The value of an <xpath> element is an XPath expression; the <xpath> elements are combined by logical OR and specify the parts of the XML document that the requester may access.
The authorization rule document can also have another structure:
As in [COMMON_POLICY], the document has a <ruleset> root element that contains a number of <rule> elements.
Each <rule> element contains three child elements: <condition>, <action> and <transformation>.
On this basis, the present embodiment adds a <method> child element to the <condition> element; the value of the <method> element includes, but is not limited to, at least one of GET, PUT and DELETE. It also adds an <xpath> child element to the <transformation> element, indicating which part of the XML document the rule controls; its value is an XPath expression. The <transformation> element can have several <xpath> child elements, and the union of the parts of the XML document described by these <xpath> elements expresses which parts of the XML document the rule controls.
Fig. 3 is a flow chart of the delegated XML document management operation in the XML document management method of another embodiment of the present invention.
As shown in Fig. 3, after the XDMS receives an XDM operation request, it performs the delegation mode check: it checks whether the identity of the message sender matches the identity of the owner of the document being operated on. If they match, the request is in normal mode; otherwise it is in delegation mode. In normal mode, the request is handled according to the prior-art flow. In delegation mode, the XDMS obtains the XDM delegation authorization rule and determines whether the XDM operation requested by the delegate satisfies the validity condition of the delegation authorization rule. If the XDM operation request satisfies the rule, it is in authorized delegation mode, and the XDMS performs the corresponding authorized delegated management operation according to the request.
The following example illustrates the rules in an XDM delegation authorization document:
Assume that the identity of delegator A is sip:userA@example.com and the identity of delegate B is sip:userB@example.com.
Assume that delegator A has stored the following XML document in the XDMS:
http://xcap.example.com/services/resource-lists/users/sip:userA@example.com/friends.xml
<?xml version="1.0" encoding="UTF-8"?>
<resource-lists xmlns="urn:ietf:params:xml:ns:resource-lists">
  <list name="My-Close-friends">
    <entry uri="sip:Andy@example.com">
      <display-name>Andy</display-name>
    </entry>
    <entry uri="sip:Simon@example.com">
      <display-name>Simon</display-name>
    </entry>
  </list>
  <list name="My_Middle_School_Classmates">
    <entry uri="sip:friend1@example.com">
      <display-name>Friend1</display-name>
    </entry>
    <entry uri="sip:friend2@example.com">
      <display-name>Friend1</display-name>
    </entry>
    <entry uri="sip:friend3@example.com">
      <display-name>Friend1</display-name>
    </entry>
  </list>
</resource-lists>
The XML document above describes two lists belonging to delegator A, one named "My-Close-friends" and one named "My_Middle_School_Classmates". Assume that A allows delegate B to read or modify the content of the list "My_Middle_School_Classmates". Then:
1) The <identity> child element of the <condition> element is:
<identity>
  <one id="userB@example.com" scheme="sip"/>
</identity>
2) The <transformation> element contains the following child element:
<xpath>
  /resource-lists/list[@name="My_Middle_School_Classmates"]
</xpath>
3) The <action> element is:
<operation>
  <get>allow</get>
  <put>deny</put>
  <delete>deny</delete>
</operation>
The corresponding XDM delegation authorization rule is as follows:
The <condition> element contains the identity of user B, meaning that the rule applies when the message sender is B;
The <action> element contains four child elements: the first allows the read (GET) operation, the second forbids the write (PUT) operation, the third forbids the delete (DELETE) operation, and the fourth forbids the POST operation;
The <transformation> element contains one <xpath> element, which uses an XPath expression to specify which part of the target XML document the rule applies to; here the rule applies to operations on the list named "My_Middle_School_Classmates" in the corresponding XML document.
http://xcaap.example.com/services/resource-lists/users/sip:userA@example.com/xdm_delegation_rules.xml
<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="urn:ietf:params:xml:ns:common-policy">
  <rule id="f3g44r3">
    <condition>
      <identity>
        <one id="userB@example.com" scheme="sip"/>
      </identity>
    </condition>
    <action>
      <get>allow</get>
      <put>deny</put>
      <delete>deny</delete>
      <post>deny</post>
    </action>
    <transformation>
      <xpath>/resource-lists/list[@name="My_Middle_School_Classmates"]</xpath>
    </transformation>
  </rule>
</ruleset>
The delegation mode check can also be done by adding a flag field to the message that indicates whether the request is in delegation mode. The flag field is placed in the message header; the delegation checking and processing module reads this flag field when it receives the message and uses it to decide whether the request is in delegation mode.
Fig. 4 is a flow chart of the delegation mode check in the XML document management method of the embodiment of Fig. 3.
As shown in Fig. 4, the process comprises: obtaining the user identity of the message sender; obtaining the identity of the owner of the document being operated on; if the two identities match, the request is in normal mode, otherwise it is in delegation mode.
In addition, the delegate's eligibility can also be determined as follows: the XML document management server sends information about the identity of the XML document management client to the XML document owner client and requests confirmation; after confirming, the XML document owner client returns confirmation information to the XML document management server. If the confirmation result is authorization, the XML document management client is an authorized delegated XML document management client; otherwise it is an unauthorized delegated XML document management client.
The XDMS can also determine whether the XML document management client is the owner of the XML document. If it is, the XDMS performs the ordinary XML document management operation of the prior art, which is not described in detail here. If the XML document management client is neither the XML document owner nor an authorized delegated manager, the XDMS refuses the client's management operation on the XML document.
In the above scheme, unless stated otherwise, the XDMC of the delegator or the delegate is taken to be located in user equipment. For either the delegator or the delegate, when its XDMC is located in an application server, it can send requests directly to the corresponding XDMS without going through the Aggregation Proxy; when its XDMC is located in a user terminal, requests are forwarded to the corresponding XDMS by the Aggregation Proxy.
Fig. 5 is a message flow chart of the XML document management method of the third embodiment of the present invention.
User A delegates the alumni record server S to maintain friend information on A's behalf. When user B, a classmate of user A, joins the alumni record of A's class, the server maintains the friend list that user A has stored in an XDMS and adds user B to that friend list.
(1) Using the XCAP protocol, user A sets an XDM delegation authorization rule for the alumni record server S in the XDMS that stores A's friend list, allowing the alumni record server to add friends to A's friend list "MyClassmates".
(2) After user B joins the alumni record of A's class, the alumni record server S sends an XDM operation request to this XDMS in order to add user B to user A's friend list.
(3) The XDMS runs the delegation mode check described above: from the message it obtains the identity of the message sender, the alumni record server S, and the identity of the owner of the operation object, A, compares them, and determines from the result that the request is in delegation mode.
(4) Using the message sender's identity, the operation object and the operation type obtained from the message, the XDMS consults the XDM authorization rule that A has stored in this XDMS, determines that the alumni record server S is authorized to perform this XDM operation on behalf of user A, and then adds user B as a friend to user A's friend list.
In step (1), when user A sets the XDM delegation authorization rule on the corresponding XDMS, the following message is sent to that XDMS:
The <cr:rule id="ck81"> element defines one rule, with three child elements:
<cr:conditions> states the condition under which the rule applies: the rule applies when the requester of the message is the alumni record server identified in the <cr:id> element.
<cr:actions> states the action the XDM server takes when the rule applies: the first child element allows the GET operation, the second child element allows the PUT operation, and the third child element does not allow the DELETE operation. One point to note is that whether the POST operation is allowed is not specified here. In practice the XDM server can have a default action; a commonly used default action is refusal, that is, the server refuses to perform operations that are not defined.
<cr:transformations> states the operation object of the operations described by this rule; here it is the list named "My_Middle_School_Classmates" in the corresponding XML document.
PUT http://xcap.example.com/services/shared-xdms/users/sip:userA@example.com/xdm_delegation_rules.xml HTTP/1.1
Content-Type: application/auth-policy+xml
Content-Length: (…)
<?xml version="1.0" encoding="UTF-8"?>
<cr:ruleset
    xmlns:op="urn:oma:params:xml:ns:pres-rules"
    xmlns:pr="urn:ietf:params:xml:ns:pres-rules"
    xmlns:cr="urn:ietf:params:xml:ns:common-policy"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <cr:rule id="ck81">
    <cr:conditions>
      <cr:identity>
        <cr:id>sip:alumni@exampleservice.com</cr:id>
      </cr:identity>
    </cr:conditions>
    <cr:actions>
      <get>allow</get>
      <put>allow</put>
      <delete>deny</delete>
    </cr:actions>
    <cr:transformations>
      <xpath>/resource-lists/list[@name="My_Middle_School_Classmates"]</xpath>
    </cr:transformations>
  </cr:rule>
</cr:ruleset>
Assume that the SIP address of the alumni record server S is sip:alumni@exampleservice.com and that the HTTP URI of user A's XDM delegation authorization document is http://xcap.example.com/services/shared-xdms/users/sip:userA@example.com/xdm_delegation_auth.xml.
Here:
sip:alumni@exampleservice.com is the identity of the authorized party, meaning that this authorization rule defines access control for the alumni record server;
<get>allow</get> means the alumni record server is allowed to read; <put>allow</put> means the alumni record server is allowed to perform the PUT operation; <delete>deny</delete> means the alumni record server is not allowed to perform the DELETE operation;
<xpath>/resource-lists/list[@name="My_Middle_School_Classmates"]</xpath> means the alumni record server is allowed to operate on the My_Middle_School_Classmates list.
After the corresponding XDMS receives this message, it creates the XDM delegation authorization rule.
The message that the alumni record server sends to the corresponding XDMS in step 5) to add user B to A's friend list is:
PUT http://xcap.example.com/services/shared-lists/users/sip:userA@example.com/friends.xml/~~/resource-lists/list[@name="My_friends"]/entry[@uri="sip:friend2@example.com"] HTTP/1.1
Content-Type: application/xcap-el+xml
Content-Length: (…)
<?xml version="1.0" encoding="UTF-8"?>
<entry uri="sip:friend2@example.com">
  <display-name>Friend2</display-name>
</entry>
The delegation checking and processing module in the XDMS obtains from this message the identity of the message sender, "sip:alumni@exampleservice.com", and the identity of the owner of the operation object, "sip:userA@example.com". It compares the two identities, finds that they differ, and concludes that this XDM operation request is in delegation mode. It then consults the XDM delegation authorization rule set in step 1), determines that the alumni record server S is authorized to perform this operation, and the XDMS then performs the XDM operation.
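The server-side decision described in the Fig. 3 flow and in steps (3) and (4) above can be written out as follows. This is an added example, not code from the patent: the function names (select, in_scope, authorize) are hypothetical, the two documents are constructed samples modelled on the ones above, and it assumes that the first matching rule decides, that unprefixed path names belong to the resource-lists namespace, and that an operation with no action listed is refused (the default mentioned above).

```python
import xml.etree.ElementTree as ET

CP = "urn:ietf:params:xml:ns:common-policy"
RL = "urn:ietf:params:xml:ns:resource-lists"
METHODS = {"GET", "PUT", "DELETE", "POST"}
VERDICTS = {"allow", "deny", "confirm"}

# Constructed sample data modelled on the page's friends.xml and rule documents.
FRIENDS = """<?xml version="1.0" encoding="UTF-8"?>
<resource-lists xmlns="urn:ietf:params:xml:ns:resource-lists">
  <list name="My-Close-friends">
    <entry uri="sip:Andy@example.com"><display-name>Andy</display-name></entry>
  </list>
  <list name="My_Middle_School_Classmates">
    <entry uri="sip:friend1@example.com"><display-name>Friend1</display-name></entry>
  </list>
</resource-lists>"""

RULES = """<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="urn:ietf:params:xml:ns:common-policy">
  <rule id="f3g44r3">
    <condition><identity><one id="userB@example.com" scheme="sip"/></identity></condition>
    <action><get>allow</get><put>deny</put><delete>deny</delete><post>deny</post></action>
    <transformation>
      <xpath>/resource-lists/list[@name="My_Middle_School_Classmates"]</xpath>
    </transformation>
  </rule>
  <rule id="ck81">
    <condition><identity><one id="alumni@exampleservice.com" scheme="sip"/></identity></condition>
    <action><get>allow</get><put>allow</put><delete>deny</delete></action>
    <transformation>
      <xpath>/resource-lists/list[@name="My_Middle_School_Classmates"]</xpath>
    </transformation>
  </rule>
</ruleset>"""


def select(root, path):
    """Resolve an absolute, unprefixed path (a rule <xpath> or a request's node
    selector) against the stored document and return the matching elements."""
    # Assumption: predicates contain no "/", so splitting on "/" yields the steps.
    steps = path.strip().lstrip("/").split("/")
    if f"{{{RL}}}{steps[0]}" != root.tag:
        return []
    if len(steps) == 1:
        return [root]
    # The "" key maps unprefixed names to the resource-lists namespace (Python 3.8+).
    return root.findall("./" + "/".join(steps[1:]), {"": RL})


def in_scope(root, rule, target):
    """True if the target resolves inside a subtree named by any <xpath> (logical OR)."""
    allowed = set()
    for xp in rule.iterfind(f"{{{CP}}}transformation/{{{CP}}}xpath"):
        for top in select(root, xp.text or ""):
            allowed.update(top.iter())  # the selected element and all descendants
    nodes = select(root, target)
    if not nodes:  # PUT that creates a new node: judge it by its parent
        nodes = select(root, target.rsplit("/", 1)[0])
    # Compare resolved nodes, not path strings, so "/.." cannot widen the scope.
    return bool(nodes) and all(n in allowed for n in nodes)


def authorize(requester, owner, method, target, doc_xml=FRIENDS, rules_xml=RULES):
    """Return 'owner', 'allow', 'deny' or 'confirm' for one XDM operation request."""
    if requester == owner:
        return "owner"  # normal mode: handled by the ordinary, non-delegated flow
    if method.upper() not in METHODS:
        return "deny"
    try:
        root = ET.fromstring(doc_xml)
        for rule in ET.fromstring(rules_xml).iterfind(f"{{{CP}}}rule"):
            ones = rule.iterfind(f"{{{CP}}}condition/{{{CP}}}identity/{{{CP}}}one")
            ids = {f"{o.get('scheme')}:{o.get('id')}" for o in ones}
            if requester not in ids or not in_scope(root, rule, target):
                continue
            verdict = rule.findtext(f"{{{CP}}}action/{{{CP}}}{method.lower()}")
            verdict = (verdict or "").strip()
            return verdict if verdict in VERDICTS else "deny"  # unlisted: refuse
    except Exception:
        pass  # fail closed on any parse or path error
    return "deny"  # delegation mode with no matching rule
```

A "confirm" result corresponds to the case in which the server asks the document owner client for confirmation before executing the operation.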
The fourth embodiment of the present invention is a kind of XML document access control method, comprising:
Steps A: whether the XML document access client of judging request visit XML document satisfies the XML document access consideration, if then carry out (2), otherwise withdraws from this processing procedure;
Step B: the accessing operation that the XML document access client that satisfies the XML document access consideration is according to the rules carried out to the XML document specific part, carry out the XML document accessing operation of XML document access client to the regulation of the specific part request execution of XML document.
In step A, in the manner of the foregoing embodiments, the identity of the XML document management client can be compared with the predetermined identity of an XML document access client that satisfies the XML document access condition. If the two match, the XML document access client satisfies the XML document access condition; otherwise it does not. The predetermined identity that satisfies the XML document access condition can be the identity of the owner of the XML document, or another predetermined identity of an access client that is allowed to access the XML document. When the identity of the XML document access client matches that of the owner of the XML document, the access client is the owner of the XML document. In this case the access client has greater access rights: it can access the XML document through the general XML document access procedure, or through the access operations on the XML document specified by this method. When the identity of the XML document access client matches another predetermined identity of an access client that is allowed to access the XML document, the access client is a delegated client that can perform access operations on the XML document.
In addition, step A can also use immediate confirmation: a request to confirm the information about the XML document access client that is to perform the access operation on the XML document is sent to the XML document owner client, and the confirmation returned by the XML document owner client is received. If the confirmation result is that the XML document access client satisfies the XML document access condition, then the access client satisfies the condition; otherwise it does not. This process is easy to implement with the prior art and with reference to the foregoing embodiments, so it is not described further here.
The XML document access condition in step A includes at least, but is not limited to, one of the following: an identity information condition of the XML document access client; a validity-period condition of the provision; a location information condition of the requester. Examples are the Identity, Domain, Validity and Sphere conditions listed in the first embodiment above.
The provision in step B includes: the specific part of the XML document on which an XML document access client that satisfies the XML document access condition may perform access operations. The specific part of the XML document can be identified by an XCAP URI. The access operations that can be performed can be the read operation HTTP GET, the write operation HTTP PUT, the delete operation HTTP DELETE, the search operation HTTP POST, and so on.
Step B can also include: sending the execution result information "200 OK" to the XML document access client.
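The check of steps A and B, with the owner fallback that claim 11 describes, can be sketched as follows. This is an added example, not code from the patent: the rule fields, identities, host name and paths are assumptions made for illustration. XCAP URIs are compared segment by segment after percent-decoding, so a rule for one document part does not extend to a sibling whose name merely starts the same way.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional
from urllib.parse import unquote, urlsplit

@dataclass(frozen=True)
class Rule:
    """One delegation rule; the field names are hypothetical, not the patent's schema."""
    identities: frozenset      # identity condition: clients the owner delegates to
    not_before: datetime       # validity-period condition (inclusive bounds)
    not_after: datetime
    sphere: Optional[str]      # requester location condition; None matches any
    part: str                  # XCAP URI of the document part the rule covers
    methods: frozenset         # permitted operations: GET, PUT, DELETE, POST

@dataclass(frozen=True)
class Request:
    identity: str
    method: str
    uri: str
    sphere: str
    when: datetime

def segments(uri: str) -> list:
    """Split the URI path on '/' first, then percent-decode each segment."""
    segs = [unquote(s) for s in urlsplit(uri).path.split("/") if s]
    if "." in segs or ".." in segs:
        raise ValueError("dot segments are not accepted in an XCAP URI")
    return segs

def covers(part: str, uri: str) -> bool:
    """True if uri names the rule's part or a node below it (whole segments only)."""
    want, got = segments(part), segments(uri)
    return got[:len(want)] == want

def rule_applies(rule: Rule, req: Request) -> bool:
    return (req.identity in rule.identities
            and rule.not_before <= req.when <= rule.not_after
            and rule.sphere in (None, req.sphere)
            and req.method in rule.methods
            and covers(rule.part, req.uri))

def decide(req: Request, rules: list, owner: str) -> str:
    """Return 'delegated', 'owner' or 'rejected' for one request."""
    try:
        segments(req.uri)           # refuse malformed URIs before any other check
    except ValueError:
        return "rejected"
    if any(rule_applies(r, req) for r in rules):
        return "delegated"          # run the operation the rule specifies
    # No rule matched: only the document owner gets general processing.
    return "owner" if req.identity == owner else "rejected"

# Constructed sample data (identities, host and paths are made up).
UTC = timezone.utc
DOC = "http://xcap.example.com/resource-lists/users/sip:alice@example.com/index"
FRIENDS = DOC + "/~~/resource-lists/list%5B@name=%22friends%22%5D"
OWNER = "sip:alice@example.com"
RULES = [Rule(frozenset({"sip:bob@example.com"}),
              datetime(2006, 2, 10, tzinfo=UTC), datetime(2006, 3, 10, tzinfo=UTC),
              None, FRIENDS, frozenset({"GET"}))]
```

A request that no rule covers is refused unless it comes from the document owner, so forgetting to write a rule never widens access.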
The foregoing embodiments only illustrate specific implementations of the present invention and do not limit its scope of protection. Those skilled in the art can make various modifications or improvements based on the basic idea of the present invention or the foregoing content; as long as they fall within the scope of protection determined by the claims of the present invention or their equivalents, they are covered by the present invention.

Claims (23)

1. An XML document management method, comprising the following steps:
(1) an XML document management client sends an XML document management operation request to an XML document management server;
(2) the XML document management server receives the XML document management operation request of the XML document management client and determines whether the request of the XML document management client satisfies the effective conditions of the delegation authorization rule for the XML document management operation;
(3) when the request of the XML document management client satisfies the effective conditions of the delegation authorization rule for the XML document management operation, the XML document management operation specified by the rule is executed; otherwise a non-authorized-delegation processing procedure is executed.
2. The XML document management method as claimed in claim 1, characterized in that the effective conditions of the delegation authorization rule for the XML document management operation in step (2) include at least:
an identity information condition of the XML document access client.
3. The XML document management method as claimed in claim 2, characterized in that step (2) comprises:
obtaining the identity information of the XML document management client from the request of the XML document management client;
comparing the obtained identity information of the XML document management client with the identity information condition of the XML document management client in the effective conditions of the delegation authorization rule; if the two match, the identity of the XML document management client satisfies the identity information condition of the XML document access client in the effective conditions of the delegation authorization rule.
4. The XML document management method as claimed in claim 1, characterized in that the XML document management operation specified by the rule comprises:
a specific management operation on a specific part of the XML document.
5. The XML document management method as claimed in claim 4, characterized in that the provision of the specific management operation on the specific part of the XML document includes at least, but is not limited to, one of the following:
performing or not performing a read operation on the specific part of the XML document;
performing or not performing a write operation on the specific part of the XML document;
performing or not performing a delete operation on the specific part of the XML document;
performing or not performing a search operation on the specific part of the XML document.
6. The XML document management method as claimed in claim 5, characterized in that the specific part of the XML document is identified by an XCAP URI, the read operation is an HTTP GET operation, the write operation is an HTTP PUT operation, the delete operation is an HTTP DELETE operation, and the search operation is an HTTP POST operation.
7. The XML document management method as claimed in claim 1, characterized in that it further comprises, before step (1), the step of:
formulating the delegation authorization rule for the XML document management operation, and storing and running it on the XML document management server.
8. The XML document management method as claimed in claim 7, characterized in that the rule is formulated by the XML document owner client and is sent to the XML document management server by the XML document owner client.
9. The XML document management method as claimed in claim 7, characterized in that the rule is formulated by the XML document management server.
10. The XML document management method as claimed in claim 1, characterized in that:
it further comprises, before step (1), the step of formulating the delegation authorization rule for the XML document management operation, and storing and running it on the XML document management server;
the effective conditions of the delegation authorization rule for the XML document management operation include at least an identity information condition of the XML document access client;
step (2) comprises: obtaining the identity information of the XML document management client from the request of the XML document management client; comparing the obtained identity information of the XML document management client with the identity information condition of the XML document management client in the effective conditions of the delegation authorization rule; if the two match, the identity of the XML document management client satisfies the identity information condition of the XML document access client in the effective conditions of the delegation authorization rule;
the XML document management operation specified by the rule includes at least, but is not limited to, one of the following:
performing or not performing a read operation on the specific part of the XML document;
performing or not performing a write operation on the specific part of the XML document;
performing or not performing a delete operation on the specific part of the XML document;
performing or not performing a search operation on the specific part of the XML document,
wherein the specific part of the XML document is identified by an XCAP URI, the read operation is an HTTP GET operation, the write operation is an HTTP PUT operation, the delete operation is an HTTP DELETE operation, and the search operation is an HTTP POST operation.
11. The XML document management method as claimed in any one of claims 1 to 10, characterized in that the non-authorized-delegation processing procedure in step (3) comprises:
determining whether the XML document management client is the owner of the XML document; if the XML document management client is the owner of the XML document, executing the general XML document management operation; otherwise rejecting the management operation of the XML document management client on the XML document.
12. The XML document management method as claimed in claim 11, characterized in that the XML document management client is a user equipment terminal, and its connection to the XML document management server is implemented through an Aggregation Proxy.
13. The XML document management method as claimed in claim 12, characterized in that it further comprises:
(4) the XML document management server sends the XML document management operation execution result information to the XML document management client.
14. An XML document management system, comprising an XML document management client and an XML document management server, the XML document management client being connected to the XML document management server, characterized in that an XML document management operation delegation checking and processing unit is further provided between the XML document management client and the XML document management server; this unit verifies whether the XML document operation requested by the XML document management client is in the authorized delegation mode, and performs the corresponding processing of the XML document management operation requested by the XML document management client.
15. The XML document management system as claimed in claim 14, characterized in that the XML document management operation delegation checking and processing unit comprises:
a delegation checking module, used to check whether the XML document management operation requested by the XML document management client is in delegation mode;
an authorization processing module, used to determine whether the delegation mode determined by the delegation checking module is an authorized delegation mode, and, when the delegation mode is an authorized delegation mode, to execute the specific management operation on the specific part of the XML document according to the delegation authorization rule.
16. The XML document management system as claimed in claim 15, characterized in that the specific part of the XML document is identified by an XCAP URI, and the specific management operation includes at least, but is not limited to, one of the following:
the read operation HTTP GET;
the write operation HTTP PUT;
the delete operation HTTP DELETE;
the search operation HTTP POST.
17. The XML document management system as claimed in claim 16, characterized in that it further comprises an XML document owner client connected to the XML document management server; through the XML document owner client, the user sends the XML document delegation authorization rule corresponding to the XML document owner's document to the XML document management server, establishing the management operation delegation authorization rule of the XML document.
18. The XML document management system as claimed in any one of claims 14 to 17, characterized in that it further comprises an Aggregation Proxy and a SIP/IP Core; information is transferred between the XML document management client and the XML document management server through the Aggregation Proxy, and the SIP/IP Core is used to handle the subscription messages between the XML document management client and the XML document management server.
19. An XML document access control method, comprising:
(1) determining whether the XML document access client that requests access to the XML document satisfies the XML document access condition; if so, performing (2); otherwise exiting this processing procedure;
(2) according to the provision on the access operations that an XML document access client satisfying the XML document access condition may perform on a specific part of the XML document, performing the provided XML document access operation that the XML document access client requests on the specific part of the XML document.
20. The XML document access control method as claimed in claim 19, characterized in that the XML document access condition in step (1) includes at least, but is not limited to, one of the following:
an identity information condition of the XML document access client;
a validity-period condition of the provision;
a location information condition of the requester.
21. The XML document access control method as claimed in claim 20, characterized in that the provision in step (2) comprises:
the specific part of the XML document on which an XML document access client that satisfies the XML document access condition may perform access operations;
the access operations that the XML document access client may perform on the specific part of the XML document, including at least, but not limited to, one of the following:
a read operation;
a write operation;
a delete operation;
a search operation.
22. The XML document access control method as claimed in claim 21, characterized in that step (2) further comprises:
sending the execution result information to the XML document access client.
23. The XML document access control method as claimed in claim 21 or 22, characterized in that the specific part of the XML document is identified by an XCAP URI, the read operation is an HTTP GET operation, the write operation is an HTTP PUT operation, the delete operation is an HTTP DELETE operation, and the search operation is an HTTP POST operation.

Priority Applications (9)

Application Number Priority Date Filing Date Title
CN200610033602A CN1859402B (en) 2006-02-10 2006-02-10 XML file manging system and its method, and control method for XML file access
PCT/CN2006/003659 WO2007090332A1 (en) 2006-02-10 2006-12-29 A method and system for managing xml document
EP06840689A EP1983683B1 (en) 2006-02-10 2006-12-29 A method and system for managing XML document
AT06840689T ATE475234T1 (en) 2006-02-10 2006-12-29 METHOD AND SYSTEM FOR MANAGING AN XML DOCUMENT
CNA200680013175XA CN101164278A (en) 2006-02-10 2006-12-29 Expandable mark language XML document management method and system
DE602006015706T DE602006015706D1 (en) 2006-02-10 2006-12-29 Method and system for managing an XML document
KR1020087021772A KR101008121B1 (en) 2006-02-10 2006-12-29 A method and system for managing xml document
US11/969,603 US8812696B2 (en) 2006-02-10 2008-01-04 Extensible markup language document management method and system
US14/326,054 US9208336B2 (en) 2006-02-10 2014-07-08 Extensible markup language document management method and system

Publications (2)

Publication Number Publication Date
CN1859402A true CN1859402A (en) 2006-11-08
CN1859402B CN1859402B (en) 2010-05-12

Family

ID=37298264

Family Applications (2)

Application Number Title Priority Date Filing Date
CN200610033602A Active CN1859402B (en) 2006-02-10 2006-02-10 XML file manging system and its method, and control method for XML file access
CNA200680013175XA Pending CN101164278A (en) 2006-02-10 2006-12-29 Expandable mark language XML document management method and system

Country Status (1)

Country Link
CN (2) CN1859402B (en)


Also Published As

Publication number Publication date
CN101164278A (en) 2008-04-16
CN1859402B (en) 2010-05-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant