Paintings & Photography

A security framework for XML schemas and documents for healthcare

Description
A security framework for XML schemas and documents for healthcare
Published
of 8
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Transcript
  2 2 IEEE International ConferenceonBioinformaticsandBiomedicine Workshops  BIBMW ASecurity Framework forXMLSchemasandDocumentsforHealthcare AlbertoDelaRosaAlgarin,StevenA.Demurjian DepartmentofComputerScienceandEngineeringUniversityofConnecticutStorrs,CTUSA{ada,steve}@engr.uconn.edu SolomonBerhe Department of BiomedicalInformaticsColumbiaUniversityMedicalCenterNewYork,NYUSAslb7002@dbmi.columbia.edu JaimeA.Pavlich-Mariscal' DepartamentodeIngenieriadeSistemasPontificiaUniversidadJaverianaBogota,Colombiajpavlich@javeriana.edu.co Abstract TheeXtensible Markup Language(XML)haswideusageinhealthcaretofacilitatehealthinformationexchangeviatheContinuityof Care Record(CCR)forstoring/managingpatientdata,diagnoses,medicalnotes,tests,scans,etc. Health ITproductslikeelectronichealth record (EHR,e.g.,GECentricity)andpersonalhealthrecord(pHR,e.g.,MSHealthVault)use CCR for data representation.Tomanagepatient data inCCR,securityasgovernedby HIP AAmustbeattainedwhenusing XML and itstechnologies(XACML,XSLT,etc.). Our objectiveistohavean XML document (CCR instance) appear differentlytoauthorizedusersatdifferenttimesbasedona user s role,constraints,separationofduty,delegationofauthority,etc.Inthispaper,weproposeasecurity frameworkthat targets XML schemas and documents,ingeneral,and CCR schemas and documents,in particular withcontrolcapabilities that achievecustomizableaccesstoan XML document'selementsbyapplyingsecuresoftwareengineeringmethodologies and definingnew UML XML-focuseddiagramsforschemas and permissions.Thisallowsustogenerate XACML policies,andenforcesecurityattheruntimelevelon XML instancestoinsure that correct andrequired patient data issecurelydelivered.Ina market ofrapidlyemergingmobilehealthcareapplicationstoallowpatientstomanage their own data (pHRs) and forself-managementofchronicdiseases,theneedforsecureaccesstoinformationanditsauthorization and transmissiontoproviders(andEHRs)willbecritical. Keywords-XMLschemas;role-basedaccesscontrol;continuity of carerecord;securitypoliciesandenforcement I. INTRODUCTION TheeXtensibleMarkupLanguage(XML)[23]hasbecomethedefactostandardformatfordataexchangeacrossheterogeneoussystems,regardlessofdomain.Inthebiomedicalinformaticsdomain,XMLhasbecomethelanguageofchoiceformostimportantstandards,suchasthehealthlanguageseven(HL7)clinicaldocumentarchitecture(CDA)[14]forhealthinformationexchange(HIE)andtheContinuity of CareRecord(CCR)[28]forinformationstorageofadministrative,patientdemographics,andclinicaldata.InhealthIT(HIT),CDAandCCRcometogetherinvarioussystemssuchaselectronichealthrecords(EHR, 1 Alsoaffiliatedwith:DepartamentodeIngenieriadeSistemasyComputacion,UniversidadCat6licadelNorte,Antofagasta,Chile,jpavlich@ucn.c1 978-1-4673-2747-3/12/ 31.00 ©2 2 IEEE 782 e.g.,GE'sCentricity[34]),practicemanagementsystems,personalhealthrecords(pHR,e.g.,MSHealthVault[35]),etc.HL7CDAisusedtosupportHIEamonghospitals,clinics,physicianpractices,laboratories,etc.,withCCRprovidingthemeanstomodelthedatathatneedstobeexchanged.TheimportanceofbothCDAandCCRhasincreasedwiththepassageoftheHITECHAct[33]whichprovidesfinancialincentivesforclinicalinstitutionstoimplementEHRsandshareelectronicpatientdatawithotherorganizationsusingHIE.CCRdocumentsbeingexchangedamongsystemswithconfidentialmedicalinformationmustadheretoHIPAA[24]andregulationsatstateandfederallevels.Asaresult,thismustbeaddressedinabroadercontext,acrossmultiplesystemsandaccessibletomultipleusersinroutineandemergentsituations.WemustexpandsecurityfromeachindividualsystemtoafocusthatismoreexpansiveincontrollingaCCRdocumentanditscontent,particularlyforHIE,andintherapidlyemergingmobilehealthcaredomain,wherepatientsmanagepersonalhealthinformationandchronicdiseasesandneedtosecurelyaccessinformationandauthorizeitsexchangewithmedicalprovidersviaEHRs,secureemails,orothermeans.ThemainobjectiveofthispaperistocontrolaccesstoXMLdocumentstoshareandexchangeinformation,providingameansforthesecurityofanXMLschematobedefinedthatcanthenbeenforcedontheindividualXMLinstancesforanapplication.WeareseekingdocumentlevelaccesscontroltoallowXMLinstancestoappeardifferentlytoauthorizedusersatdifferenttimesbasedoncriteriathatinclude,butarenotlimitedto,auser'srole,timeandvalueconstraintsondatausage,collaborationforsharingdata,delegationofauthorityasprivilegesarepassedamongauthorizedusers,etc.Inhealthcare,suchcriteriawillbefurtherconstrainedbyaccesstodocumentsinemergentsituations,collaborationofmedicalpersonnelinpatientcenteredmedicalhomes(PCMH)[37],delegatingauthoritybetweenprovidersduring off hours(nightsandweekends),etc.Inallofthesesituations,thecustomizabilityofaccesstothedocumentwillbecritical,toprovidetheabilitytolimitaccesstoaCCRinstancebasedonrole;thismayrequiresecurityontheknowledgeusedtoencodeadocument'sinformationsuchasamedicalontologylikeSNOMED[37].Towardsthisend,thispaperproposesa  securityframeworktodefinesecuritypoliciesthattargetXMLschemasanddocuments,providingavariety of accesscontrolcapabilitiestoachievecustomizableaccesstoanXMLdocument'selementsataninstancelevel.Toaccomplishthis,weleverageourworkinsecuresoftwareengineering[1,2,16,17]usingtheunifiedmodelinglanguageUML[25],whichhashadatwo-foldfocus.First,in[16,17],wecreatednewUMLdiagramsforRBAC,discretionaryaccesscontrol(DAC),andusers,augmentedwithaprocessforsecuresoftwareengineeringusingUML;theapproachdefinesanewUMLroleslicediagramfromwhichaspect-orientedenforcementcodeisgenerated.Then,in[1,2],weenhancedtheNISTRBAC[12,13]standardwithcollaboration of dutyandadaptiveworkflowtodefinesecurityconditionsunderwhichusersinteractwithoneanothertowardsacommongoal;thisworkwasappliedtohealthcarewithUMLdiagramsextendedappropriately.Ourobjectiveinthispaperistoleverageboth[1,2]and[16,17]inordertodefineasecurityframeworkforXMLthat:representsanXMLschemainUMLviaanew XMLSchemaDiagram; definessecuritypermissionsviaanew XMLRoleSliceDiagram; generatesXACML[26]securitypolicies;and,achievestheenforcement of securityattheruntimelevelonXMLinstancestoinsurethatfiltered,correct,andrequiredpatientdataissecurelydelivered.OurproposedframeworkistargetedforXMLschemasanddocuments,butwillbeappliedtohealthcareandCCR.Theremainder of thispaperisorganizedintofivesections.SectionIIpresentsbackgroundinformationonNISTRBAC,XML,andtheCCRstandard.SectionIIIpresentsabriefreview of conceptsfrom[16,17]toestablishthecontext of securesoftwareengineeringonUML.SectionIVpresentstheproposedsecurityframeworkforXML,focusingonnewUMLXMLdiagramsandthegeneration of XACMLpolicies.SectionVreviewsrelatedwork,whileSectionVI,offersconcludingremarksandongoingwork.II. BACKGROUNDANDMOTIVATION A. NISTRBAC IntheNISTRBAC[12,13],permissionsareassignedtoroles,whicharethenassignedtousers,showninFigure1,whereausercanperformany of permissionsassignedtotheroles/heexhibits.NISTRBACcontainsfourreferencemodels.RBAC o allowsforpoliciestobedeniedattherolelevelinstead of theindividuallevel.Tohandlerolehierarchies,RBAC 1 allowsforparentrolestopassdowncommonprivilegestochildrenrolessothatpermissionshighinthehierarchycanbeinheritedbytherolesbelow,andspecificpermissionsareassociatedwithrolesthatactasleafsinthehierarchy.RBAC 2 providesdefinition of constraints,suchasseparation of duty(SoD)andcardinality.Asanexample,considerthescenario of agroupofhealthcareprofessionalsreadingsensitivepatientdata.Thereading of suchdataisdefinitivelyallowedundercertainconditions.SoDensuresthattheauthorizationrolethatgrants 783 permissionsexistsasadifferententitytotheotherroles.Thisensuresthatrolesarenotallowedthemselvestoviewsensitivedatatheywouldotherwisehavenoauthorizationto.Mutualexclusionensuresthattwoormorespecificrolesmaynotbeassignedtoanyparticularuser,enforcedbyrestrictionsputinplacebythecardinalityconstraint(thenumber of users/permissionsgettingassignedtoaparticularrole).RBAC 3 introducestheconcept of sessionsthatrepresentthelifetime of aparticularuser,role,permissionandtheirassociationforadynamicruntimeapplication. ROLEHIERARCHY cardinalityConstraints Figure 1:NISTRBACo,RBAC H and RBAC 2  B.TheeXtensibleMarkupLanguage XML XMLfacilitatesinformationexchangeacrossdisciplinesandoffersaflexiblemeanstocollectandtransmitdatabetweendifferentinformationsystemsandplatformsasameans of acommon,structuredlanguage.XMLsupportsinformationtobehierarchicallystructuredandtagged,andthetagsthemselves can beexploitedtocaptureandrepresentthesemantics of theinformation.XMLofferstheabilitytodefinestandardsviaXMLschemas,whichserveas both theblueprintandvalidationagentsforinstancesseekingtocomplyandbeusedforinformationexchangepurposes.ThemainmechanismbehindXMLschemasistheXMLSchemaDefinition(XSD),followingtheXMLSchemalanguage.Asanexample,anXMLschemacanbecomposed of multiplexs:complexType,xs:simpleType,xs:sequence,xs:element,etc,andthese can becombinedandnestedinanywaytoformamoreencompassingxs:complexType,acharacteristicsharedwithclassesinUML.WithXMLschemas,thedeveloperorstandardproposingagency can determineconstraints,suchastheminimumormaximumamount of occurrencesforanelement(minOccurs,maxOccurs),thedatatypepermittedforitsvalue,andothers.Theschemasroleistodescribeanddefinethedomainmodel,includingthetype-levelcharacteristicsthatinstancesmustfollowinforvalidity. C. Continuity of CareRecord Figure2showsasample of the(a)officialCCRschema[32]and (b) correspondingCCRdocument[29]thatvalidatesagainstsaidschema.CCRdocumentsincludesensitivepatientinformationsuchasdemographicalinformation,socialsecuritynumber,insurancepolicydetailsandhealthrelatedinformation(suchasmedications,  Figure 3: UML Extensions for AccessControl. leveragedtovisuallymodeldomainrequirements, but thereisalack of integratingsecurityspecificationsforRBAC,DACand MAC inthedesignphase[16,17]. For thisreason,theUMLmeta-modelwasextendedwithnewUMLsecuritydiagramsinFigure3: UserDiagram tograntauserpermissionto rolers); DelegationDiagram todefineDACcharacteristicsduringthedesignphase; RoleSliceDiagram fortheassignmentorpermissions(methods)torole; AJACExtension todefinesensitivitylevels(unclassified,confidential,secretandtopsecret)andtheirassignmentstoauser'sclearanceandanobject'sclassification;andthe SecureSubsystemDiagram SSD toidentifytheportions of thesoftwareapplicationAPIsthatneedstobeprotected.procedures,psychologicalnotes,etc.).TheCCRdocumentcontainsallpatientinformation,butnotallsuchinformationshouldbeavailabletoallusersatalltimes;thisinformationmustbecustomizedorfilteredbasedonauser'sroleandresponsibilitieswithinanorganization. For example,asecretaryataprivatepracticeperformingfinancialoperationsmightonlyneedtoseethepatient'sdemographicsandinsurancepolicydetails,whereastheprimaryphysicianmayneedtoaccesstheentirepatient'sinformation but nottheSSN.Someinformation(e.g.,pyschiatricnotes)areonlymadeavailabletospeficicroles,OneimportantnoteisthatsecuritypolicychangesmustnotresultinupdatingtheXMLschemasandinstances.Aspoliciesdifferacrossinstitutions,thesecuritymodelshouldoffermechanismstohandlethis,whichisone of themainobjectives of ourproposedsecurityframeworkforXML. <xs:schema xml ns= urn:astm-org :CCR xmlns :xs= http://www. w3 org/2001/XM LSchema xml ns:ccr= urn :astm-org:CCR targetNamespace= urn:astm-org: CCR elementFormDefault= qualified attributeForm Default= unqualified > <xs :import namespace=''http://www.w3.org/2000/09/xmldsig#''schemaLocati on= xmldsig-core-schema.xsd I> <xs:element name= ContinuityOfCareRecord ><xs:compl exType><xs:sequence><xs:elementname= CCRDocumentObjectlD type= xs :string I> <xs:elementname= Language type= CodedDescri ptionType I> <xs:element name= Version type= xs:string I> <xs:elementname= DateTime type= DateTimeType I> <xs:elementname= Patient maxOccurs= 2 > <xs:complexType> \セセセセ セセセセ セ。ュ・] a」エッイid type= xs:string I> (a). XML Schema </xs:sequence></xs:complexType> < xs el ement><xs:element name= From > <xs:complexType><xs:sequence><xs:element name= ActorLink type= ActorReferenceType maxOccurs= unbounded I> + t + Role-Slice   f • User Diagram Diagram   t   t ..-----  J ---- II •••••• I I ••• II ••••   r .. w Mandatory DI f Access Control................. eegaIon Extensions Diagram t DependenciesbetvveenSecurityModelDiagramsandTheirFeaturesMACExtensionsmayOptionallybeIncludedinEachSecurityDiagramSecurityModelChangesReflectedinSecureSubsystem(andviceversa) </xs:sequence></xs:complexType> < xs el ement><ContinuityOfCareRecord xmlns= urn: astm-org:CCR'><CCRDocumentOb jectl D>Doc</CCRDocumentOb jectl D><Language><Text>EngIish </Te xt ></L anguage><Versi on>V1.0<Nersion> <DateTime><ExactDateTime>2008</Exact DateTime>< Date Time><Patient><ActorlD>Patient</ActorlD></Patient><Body> (b). XML Instance <Problems> <Problem> <DateTime><Type><Text>Start date< Text>< Type> <ExactDateTime>2007-04-04T07:00:OOZ</ExactDateTime> < DateTime> <DateTime><Type><Text>Stop date< Text>< Type> <ExactDateTime>2008-07-20TO7:00: OOZ <I ExactDateTime> < DateTime> <Description> <Code><Value>346.80<Nalue><CodingSystem>1CD9< Codi ngSystem> <Version>2004< Version> < Code> Figure 2: Continuity of Care Record. III. SECURESOFTWAREENGINEERINGWITH UMLThissectionreviewspriorworkonUMLdiagramsforsecuresoftwareengineering[16,17]toelevatesecuritytoafirstclasscitizenhandledearlyinthesoftwaredevelopmentprocess,anduseextendthisworktosupportXML-basedsecurity.UMLprovidesmultiplediagramsthatcanbe 784 For theproposedXMLsecurityframeworkinSectionIV,weemploytheUMLclassdiagram,theSSD,andtheRoleSliceDiagram(RSD). For instance,inahealthcaredomain,theSecureSubsystemDiagramwouldrepresenttheallowedaccesstoportions of theVirtualChartApplication(VCA)thatprovidesacommonAPIacrossmultipleEHRsconnectedviaHIE,butnottheentireAPI.SSDcontainstheset of classesandmethodsthat are asubset of publicallyavailableonestobeprotectedthroughaccesscontrol.TheSSDisaspecializedUMLpackage,markedwiththeUMLstereotype «SecureSubsystem» whichcontainsasubset of theAPIclasseseachwithafurtherasubsetofthetheirmethods. For example,Figure 4 illustratestheset of read/writeoperationsthatcanbeperformedagainstthe EHR (asubset of VCAAPI).PlacingthemintotheSSDspecifiesthataccesstoall of theirmethodsmustbecontrolled.InordertolimitaccesstothemethodsinFigure 4, theSSDextensionto UML isutilized.Asmentionedbefore,RBAC 1 supportspermissionroleauthorizationandarolehierarchy.Theworkin[16,17]haseachrolerepresentedbyaspecializedUMLpackagemarkedusingthe «RoleSlice» UMLstereotypeasgiveninFigure5.Eachsuchpackageisonlyallowedtocontain UML classes.Toincreasethecustomizability of thepermissionroleassignment,eachmethodintheRSDcontainsisspecialized:with: «neg» stereotypewhichspecifiesthatthisparticularmethodcannot  Figure 4: SecureSubsystemDiagram. 1 «Rolelnheritance»   -   ---   -   ---   --   -   ---   -   ·..· : Physician I Nurse I RoleS lice» «Roleslice» writeElectronicMed icalRecord writeElectron icMedicalRecord <xpos> + setMedicalHistoryO<xpos> + setBillingHistoryO<xpos> + setAllergyHistoryO<xpos> + setFamilyHistoryO<xpos> + setAppointmentHistory ) <xpos> + setDemographics<xpos> + setTestHistoryO<xpos> + setVaccinationHistoryO<xpos> + setClinicalNotesHistoryO OriginalXMLInstances   XACMLPolicyActsonthefilteredXMLinstances SoftwareApplicationLevel AccessControlPolicies Roles   Constraints I RoleHierarchy   Permissions IV. PROPOSEDSECURITYFRAMEWORKFOR XMLInthissection,wepresenttheproposedsecurityframeworkforXMLschemas.ThegeneralapproachistohaveasetofXMLschemascorrespondingtoanapplication(upperrightinFigure6),whichwillbeinstantiatedfortheexecutingapplication(bottomright of Figure6).Fromasecurityperspective,ourintentistoinsurethatwhenusersattempttoaccesstheinstances,thataccesswillbecustomizedandfilteredbasedontheirdefineduserroleandassociatedsecurityprivileges(bottomleft of Figure6).Inahealthcaresetting,asecretarymayonlyhaveaccesstopatientdemographics,anurseonlyabletowriteportions of thedata,aphysicianmorebroaderaccess.Ourapproachtosecuresoftwareengineering(seeSectionIIIagain)istoinsurethatthesedifferentviewsoftheschemasareappliedtotheusersexecutingtheirrespectivedesktopandmobileHITapplicationsagainsttheirauthorizedinstances(patients).Toachievethisapproach,SectionIV.A,presentsanewUMLclassdiagramcalleda XNfLSchemaClassDiagram XSCD totransitionanXMLschemaintoaUMLlikediagramandnotation.ThisaddsadegreeofsoftwareengineeringtotheXMLdesignprocess.WealsodefineanewUML XMLRoleSliceDiagram XRSD thatextendsFigure5andallowspermissionstobedefinedagainstXMLschemaelementsintheXSCD.Then,SectionIV.BexploresthetransitionoftheseXSCDsintoacorrespondingsecuritypolicytoautomaticallygenerateXACMLforenforcementoftheXMLschemaattheinstancelevel;theXCSDincombinationwithXRSDallowsanXACMLpolicytobedefined.ThismaynecessitatetheinterceptionofvariousXMLstoolsinordertoallowthesecuritychecktooccur;e.g.,usingXSLTmustonlyreturninstancesthatareallowedandwhichportionsareallowedforauserplayingagivenrolebasedondefinedpermissions. XMLschemas writeElectronicMed icalRecord <xpos> + getMedicationHistoryO read Electron icMedicalRecord Provider «Roleslice» <xpos> +getMedicalHistoryO <xpos> + getAllergyHistoryO<xpos> + getMedicationHistoryO<xpos> + getBillingHistoryO<xpos> + getAppointmentHistoryO<xpos> + getFamilyHistoryO<xpos> + getMedicationHistoryO<xpos> + getDemographics<xpos> + getTestHistoryO<xpos> + getVaccinationHistoryO«DOS» + aetClinicalNotesHistorvll Vi rtualChartApplication I «SecureSubsystem » readElectronicHealthlRecord writeElectronicHealthl Record + getMedicalHistoryO + setMedicalHistoryO + getAllergyHistoryO + setAllergyHistoryO + getMedicationHistoryO + setMedicationHistoryO + getBillingHistoryO + setBillingHistoryO + getAppoi ntmentHistoryO + setAppointmentHistoryO + getFamilyHistoryO + setFamilyHistoryO + getMedicationHistoryO + setMedicationHistoryO + getDemographics + setDemographics + getTestHistoryO + setTestHistoryO + getVaccination Hlstoryt) + setVaccinationHistoryO + getClinicalNotesHistoryO + setClinicalNotesHistoryO beaccessedbytherole,effectivelyturning off themethodsfromtheparentandallitchildroles;and, «pos» stereotypewhichspecifiesthatthisparticularmethodisallowedtobeaccessedbytherole.ThisassignmentofnegativeandpositivepermissionstoaparticularroleattainspermissionroleauthorizationinRBAC.Tofurtherincreasetherolemanagement,theroleinheritanceissupportedbydefiningspecializedrelationshipsamongroleslicepackages.The«RoleInheritance»UMLstereotypespecifiesthatthechildroleslicepackageinheritsallpositivemethodsfromtheparentroleslicepackage.TheexampleinFigure5illustratesProvider,Nurse,andPhysicianroles.TheProviderRolehasasetofmethodsauthorizedtomanystakeholders.APhysicianroleisauthorizedtohavereadandwriteaccesstotheentireEHRofthepatientthroughtheVCA.ANurseroleinheritsallofthepositivepermissionsfromabaseroleexceptthoseforbillingandappointmenthistories. Figure 5:RoleSlice Diagram. Figure6:Overview ofXML SecurityFramework. 785  Physician «RoleSlice» TohandlethehierarchicalnatureofXMLschemasforXSCDinFigure7,werepresenteachxs:complexType ゥ theschemaasaUMLclasswiththeirrespectiveUMLstereotype.Ifanxs:elementisadescendantofanotherschemaconcept,thenthisrelationisrepresentedasanequivalentclass-subclassrelationintheclassdiagram.Thisholdstrueforxs:sequence,xs:simpleType,etc.XMLschemaextensions(xs:extension)arerepresentedasassociationsbetweenclassesinFigure7.Werepresentdata-typecardinalityrequirements(minOccurs,maxOccurs)andotherXMLconstraintswithageneric «constraint» stereotypeassignedtotheattribute.Thexs:elementtypeisrespectivelyrepresentedwitha «type» stereotype.Figure7presentsthewaythattheXSCDfortheCCR'sschemaxs:complexType'StructuredProductType'wouldlookafterthetransformationprocess(notethatthefiguredoesnotincludeallchildrennodesfromtheCCRduetoofspacelimitations).ThisXSCDimplementationallowsforcustomizedaccesscontrolpoliciestobegeneratedfortherespectiveconceptsoftheXMLschema.ThenextstepintheprocessistoapplysecuritypoliciestotheXSCD(topleftofFigure6)thatareconsistentwith[16,17]where «pos» and «neg» permissionswereusedtolimitmethodsattheAPIlevel.Correspondingly,forXSCD,weutilizetheRSD(seeFigure5)todefineanew XNfLRoleSliceDiagram,XRSD (seeFigure8)thatiscapableofapplyingaccesscontrolpoliciesorpermissionsontheattributesoftheXSCD,akintoapplyingsuchpoliciestotheprivateorpublicdataofaclass.Figure8hastwoXRSDs,PhysicianandNurse,thataugmenttheircounterpartsinFigure5asextendedroleslices «<Role Slice>>).Toaccomplishthis,wealsoextendthelistofstereotypestorepresentallowanceordenialofaccess. «r/w» «element» BrandName « » «element» BrandName « » «element» StrengthSequencePosition «r/w» «element» StrengthSequencePosition «r» < <element> > Prod uct «r/w» <<e lement> > Prod uct «r» «element» ProductName «r/w» «element» ProductName Nurse «RoleSlice» A.NewUMLSchemaClassandRoleSliceDiagrams Inthissection,wepresentanewUML XMLSchemaClassDiagram XSCD thatcontainsarchitecture,structurecharacteristics,andconstraints.ThesetofallXMLschemasforagivenapplicationareconvertedintoacorrespondingsetofXSCDs.TheintentistoprovideadegreeofsoftwareengineeringtotheXMLdesignprocess;ratherthanjusthaphazardlybuildingschemasanddeployinginstances,thecreationofanXMLschemashouldbeplacedintotheUMLcontextalongsideotherdiagrams(class,usecase,sequence,activity,etc.)thatallhavethepotentialtoimpactthecontent ofaXML diagramforanapplication.IncludedinthisworkisanutilizationoftheconceptsoftheRSDfrom[16,17]toextendanddefineanew XNfLRoleSliceDiagram XRSD whichhastheabilitytoaddpermissionstothevariouselementsoftheXSCD,i.e.,read,write,noread,nowrite,oranycombinationofthese,suchasread/write,read/nowrite,etc.TheoriginalRSDinFigure5focusedon «pos» and «neg» permissionsonmethods,whileXRSDswillemphasizethedataaspectsthatarethefocusofanXMLschemaasmodeledinXSCD.Intheliterature,approachestotranslateadefinedXMLschemaintoaUMLdiagram[3,4,9,19,21]thateachprovidesvaryinglevelsofsupportformodelgroups,elements,attributes,andidentityconstraints[4],dependingontheapproachutilized(e.g.,theUMLmetamodelorUMLprofile,acombinationofthetwo,etc.).Inourapproach,thenewUMLXML SchemaClassDiagram XSCD ,showninFigure7,isanartifactthatholdsallofthecharacteristicsoftheXMLschema,includingstructure,datatypeconstraints,andvalueconstraints.WhiletheprocessofthewaythattheXSCDisbuiltfromtheoriginalXMLschemaisoutofthescopeofthispaper,weexplainbrieflyusingtheCCRschema.RecallthatXMLschemasarecharacterizedbyahierarchicalstructurewithdatatypeconstraints.AnotherpossibilityofXMLschemasisreferencingotherXMLschemasthatprovideanotherlayerofstructureandconstraints.WespecifytwoissuestoaddresswhendesigningthemodelingcapabilitiesofXSCD:XMLschemareferencesmustbesupported,andtheXMLstructureandconstraintsmustbemaintained. «element»PrcductName Figure7: Proposed UML SchemaClassDiagram. Figure 8: XML RoleSlice Diagrams. 786
Search
Related Search
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks