CN1859402B - XML Document Management System and Its Method and XML Document Access Control Method - Google Patents

Info

Publication number: CN1859402B
Authority: CN (China)
Prior art keywords: xml document, client, document management, rule, bookkeeping
Legal status: Expired - Fee Related
Application number: CN200610033602A
Other languages: Chinese (zh)
Other versions: CN1859402A (en)
Inventors: 鲍洪庆, 招扬, 田林一, 孙谦, 宋雪飞
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN200610033602A (patent CN1859402B)
Publication of CN1859402A
Priority to CNA200680013175XA (patent CN101164278A)
Priority to AT06840689T (patent ATE475234T1)
Priority to DE602006015706T (patent DE602006015706D1)
Priority to PCT/CN2006/003659 (patent WO2007090332A1)
Priority to KR1020087021772A (patent KR101008121B1)
Priority to EP06840689A (patent EP1983683B1)
Priority to US11/969,603 (patent US8812696B2)
Application granted
Publication of CN1859402B
Priority to US14/326,054 (patent US9208336B2)

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to the delegated management of XML documents and aims to realize delegation in XDM. An XML document management method comprises the steps of: (1) an XML document management client sends an XML document management operation request to an XML document management server; (2) the XML document management server receives the XML document operation request from the XML document management client and judges whether the request satisfies the effective conditions of the delegation authorization rule for the XML document management operation; (3) when the request of the XML document management client satisfies the effective conditions of the delegation authorization rule for the XML document management operation, the XML document management operation specified by the rule is executed; otherwise the unauthorized-delegation handling procedure is executed. The invention also discloses an XML document management system, an XML document management client and an XML document management server. The invention effectively realizes delegated management operations on XML documents and can be widely applied to the management of XML documents.

Description

XML Document Management System and Its Method and XML Document Access Control Method

Technical field

The present invention relates to the management of XML documents, and in particular to an XML document management method, an XML document management system, an XML document management server and an XML document management client.

Background art

An XML (Extensible Markup Language) Document Management (XDM) system is a common engine for multiple services and can store and manage the data of various engines. The XDM system mainly includes the following functional entities:

1. XDM client (XDMC): The XDM client is the entity that provides access to different XDM servers. An XDM client may be a terminal or a server entity. The XDM client is the entity that accesses XCAP resources in an XDM server. XCAP resources correspond to the elements and attributes of an XML document. An XCAP resource is identified by an HTTP URI. XDM clients use XML documents through HTTP operations. The XDM client should construct the RequestedURI based on the application usage. The following operations can be performed: create or replace a document; delete a document; get a document; create or replace an element; delete an element; get an element; create or replace an attribute; delete an attribute; get an attribute.

2. Shared XDM server (XDMS): The shared XDM server provides authentication, management and notification functions. The shared XDM server supports URI lists. URI lists include groups, accept lists and reject lists that are reused by different service engines.

3. Engine-specific functional entities, including:

1) The engine-specific XDM server, which mainly provides the following functions:

Authentication of SIP or XCAP requests;

Management of engine-specific XML documents;

Aggregation of change notifications for multiple documents in the engine-specific XDM server;

Notification of subscribers about changes to such engine-specific XML documents stored in the network.

2) The engine-specific server, which is the service server of each service engine.

4. Aggregation proxy: The contact point through which an XDM client on user equipment accesses XML documents on XDM servers is called the aggregation proxy. The aggregation proxy performs the following functions:

1) Authenticate the XDM client.

2) Route XCAP requests to the correct XDM server.

3) Support charging (optional).

4) Support compression/decompression on the radio interface.

5. SIP/IP core: The SIP/IP core is a network of interconnected servers, such as proxies and registrars, that provides various services to the XDM document management system, such as routing, authentication and compression.

In the prior art, configuration information must be set by the XDM client itself; there is no delegation mechanism. As shown in Figure 1, a typical system for setting configuration information consists mainly of the following devices:

A) XDM client: the entity that accesses different XDM servers; it may be a terminal or a server. When the XDM client is a terminal, it interacts with the XDM server through the aggregation proxy; otherwise the XDM client interacts with the XDM server directly. The XDM client uses the XCAP protocol to manage its XML documents stored on an XDM server.

B) Aggregation proxy: when the XDM client is a user equipment terminal, the XCAP requests of the XDM client are forwarded by the aggregation proxy to the appropriate XDM server. The main functions of the aggregation proxy are routing, authentication, (optionally) charging, and compression.

C) XDM server: the XDM server stores and manages XML documents for multiple XDM clients and sends notification messages to clients that have subscribed to changes of certain documents when those documents change. The XDM server also provides authentication.

The disadvantage of this system is that an XML document stored on the XDM server can only be operated on by the XDM client that owns it. When it is inconvenient for the XDM client to perform the operation itself, it cannot delegate the operation to another entity, which is inconvenient for the user.

In many cases, however, a proxy mechanism is needed that allows a client to delegate operations such as the storage and management of its XML documents to other clients, that is, to let other XDM clients store or manage its XML documents on its behalf. Moreover, the prior art has no mechanism for access control on XML documents.

Summary of the invention

One object of the present invention is to provide a method that enables an XDM client to delegate XDM operations to other entities, so that the XDM client can perform XDM operations conveniently.

To achieve this object, the technical solution adopted by the present invention is an XML document management method comprising the steps of: (1) an XML document management client sends an XML document management operation request to an XML document management server; (2) the XML document management server receives the XML document management operation request from the XML document management client and judges whether the request satisfies the effective conditions of the delegation authorization rule for the XML document management operation, where these effective conditions include at least an identity condition on the XML document access client; (3) when the request of the XML document management client satisfies the effective conditions of the delegation authorization rule for the XML document management operation, the XML document management operation specified by the rule is executed; otherwise the unauthorized-delegation handling procedure is executed.

Preferably, the XML document management operations specified by the rule include specific management operations on specific parts of the XML document.

Another object of the present invention is to provide a system that enables an XDM client to delegate XDM operations to other entities.

To achieve this object, the technical solution adopted by the present invention is an XML document management system comprising an XML document management client and an XML document management server connected to each other. Between the XML document management client and the XML document management server there is also an XML document management operation delegation check and processing device, which verifies whether the XML document operation requested by the XML document management client is an authorized delegation and performs the processing corresponding to the requested XML document management operation.

Preferably, the XML document management operation delegation check and processing device includes: a delegation check module, used to check whether the XML document management operation requested by the XML document management client is in delegation mode; and an authorization processing module, used to judge whether the delegation determined by the delegation check module is an authorized delegation and, when it is, to perform the specific management operation on the specific part of the XML document according to the delegation authorization rule.

A third object of the present invention is to provide a method of XML access control corresponding to the above XML document management method and XML document management system.

To achieve this object, the technical solution adopted by the present invention is an XML document access control method, comprising: Step A: judging whether the identity of the XML document access client requesting access to the XML document matches the identity of an XML document access client, other than the owner of the XML document, that satisfies the effective conditions of the delegation authorization rule for the XML document management operation; if so, executing Step B, otherwise exiting this procedure, where the effective conditions of the delegation authorization rule include at least an identity condition on the XML document access client; Step B: according to the access operations on a specific part of the XML document that are prescribed for an XML document access client satisfying the effective conditions of the delegation authorization rule, performing the prescribed XML document access operation that the XML document access client requests on the specific part of the XML document.

The technical effects of the present invention are as follows:

1. By granting delegation authorization to management clients other than the owner of the XML document, the present invention realizes delegated management operations on XML documents, making their management more flexible and convenient;

2. Because the present invention allows XML documents to be managed by delegation, shared management of XML documents can be realized effectively;

3. The present invention enables an XML document access client that satisfies the XML document access conditions to perform prescribed operations on a specific part of the XML document, thereby realizing fine-grained access control on XML documents.

Brief description of the drawings

Fig. 1 is a schematic diagram of an XML document management system in the prior art;

Fig. 2 is a schematic diagram of the XML document management system of one embodiment of the present invention;

Fig. 3 is a flow chart of the delegated XML document management operation in the XML document management method of another embodiment of the present invention;

Fig. 4 is a flow chart of the delegation mode check in the XML document management method of the embodiment of Fig. 3;

Fig. 5 is a message flow chart of the XML document management method of a third embodiment of the present invention.

Detailed description

Fig. 2 is a schematic diagram of the XML document management system of one embodiment of the present invention.

As shown in the figure, the XML document management system includes an XML document management (XDMC) agent, an aggregation proxy and an XML document management server (XDMS), with a delegation check and processing device on the XDMS side. Subscription/notification messages between the XDMC agent and the aggregation proxy, and between the aggregation proxy and the delegation check and processing device and the XDMS, are carried over the SIP/IP Core.

The XDMC agent sends an XCAP request to the aggregation proxy, which forwards the request to the XDMS. The delegation check and processing device in the XDMS verifies whether the XML document operation request is an authorized delegation and performs the processing corresponding to the XML document management operation requested by the XML document management client. The XDMS then sends a confirmation message to the aggregation proxy, which returns it to the XDMC agent.

The XML document management operation delegation check and processing device may include: a delegation check module, used to check whether the XML document management operation requested by the XML document management client is in delegation mode; and an authorization processing module, used to judge whether the delegation determined by the delegation check module is an authorized delegation and, when it is, to perform the specific management operation on the specific part of the XML document according to the delegation authorization rule.

The document management system may also include an XML document owner client. This is an XML document management client that is the actual owner of the XML document and is connected to the XDMS. The XML document owner client formulates the delegation authorization rules and sends the delegation authorization rule document to the XDMS. The delegation authorization rules authorize the XDMC agent to perform the prescribed management operations on a specific part of the XML document.

In addition, the delegation authorization rule document may also be formulated, stored and run by the XDMS.

A delegation authorization rule includes: a requester identification field, which identifies the sender of the XML management operation request to which the rule applies; an operation object field, which identifies the XML document, or the specific element or attribute in it, that the XML management operation targets; an operation type field, which identifies the type of the XML management operation; and an action field, which identifies the action the server takes once the rule matches.

XDM delegation authorization rules are stored in an XML document. The document contains a number of rules, each of which states who may, on behalf of the delegator, perform which operations on which element or elements of the corresponding document.

The format of the XDM delegation authorization rule document can adopt a structure similar to that of the existing mechanism (see reference [COMMONPOL]). The document contains a root element <ruleset>, which contains several <rule> child elements, each representing one rule. Each <rule> element contains three elements: <condition>, <action> and <transformation>. The <condition> element determines the conditions under which the rule takes effect. The <action> element determines the action taken when the rule takes effect, for example allow, deny or wait for confirmation. The <transformation> element describes how the information is processed and is used here to specify the content of the XML document that is subject to access control.

The <condition> element mainly includes:

A) Identity: the user identity, for example sip:zhangsan@huawei.com

B) Domain: the domain, for example @example.com

C) Validity: the validity period, for example 2005-8-18:00~2005-8-918:00

D) Sphere: the location, for example home, work

The <action> element is extended as follows:

The <action> element contains at least, but is not limited to, one of the following:

the <get> element, which defines the action for the GET operation;

the <put> element, which defines the action for the PUT operation;

the <delete> element, which defines the action for the DELETE operation;

the <post> element, which defines the action for the POST operation.

These actions can include "allow", "deny" and "confirm", meaning allowed, denied and confirmation required, respectively.

The <transformation> element contains several <xpath> child elements. The value of each <xpath> element is an XPATH expression. The <xpath> elements are combined by logical OR and specify the parts of the XML document that the visitor may access.

The authorization rule document can also have another structure:

As in [COMMON_POLICY], the document contains a <ruleset> root element, which contains several <rule> elements.

The <rule> element contains three child elements: <condition>, <action> and <transformation>.

On this basis, this embodiment adds a child element <method> to the <condition> element; the value of <method> includes at least, but is not limited to, one of GET, PUT and DELETE. It also adds a child element <xpath> to the <transformation> element to indicate which part of the XML this rule controls; its value is an XPATH expression. A <transformation> element may have several <xpath> child elements, and the union of the parts of the XML document described by these <xpath> elements expresses which parts of the XML document the rule controls.

Fig. 3 is a flow chart of the delegated XML document management operation in the XML document management method of another embodiment of the present invention.

As shown in Fig. 3, after receiving an XDM operation request the XDMS determines the delegation mode: it checks whether the identity of the message sender matches the identity of the owner of the document being operated on. If they match, the request is in general mode; otherwise it is in delegation mode. In general mode, the request is processed according to the prior-art procedure. In delegation mode, the XDMS obtains the XDM delegation authorization rules and judges whether the XDM operation requested by the delegatee satisfies the effective conditions of the delegation authorization rules. If the XDM operation request satisfies the rules, it is an authorized delegation, and the XDMS performs the corresponding authorized delegated management operation according to the request.

The following example shows how the various rules are described in the XDM delegation authorization document:

Suppose the identity of delegator A is sip:userA@example.com and the identity of delegatee B is sip:userB@example.com.

Suppose delegator A has the following XML document stored in the XDMS:

http://xcap.example.com/services/resource-lists/users/sip:userA@example.com/friends.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <resource-lists xmlns="urn:ietf:params:xml:ns:resource-lists">
      <list name="My-Close-friends">
        <entry uri="sip:Andy@example.com">
          <display-name>Andy</display-name>
        </entry>
        <entry uri="sip:Simon@example.com">
          <display-name>Simon</display-name>
        </entry>
      </list>
      <list name="My_Middle_School_Classmates">
        <entry uri="sip:friend1@example.com">
          <display-name>Friend1</display-name>
        </entry>
        <entry uri="sip:friend2@example.com">
          <display-name>Friend1</display-name>
        </entry>
        <entry uri="sip:friend3@example.com">
          <display-name>Friend1</display-name>
        </entry>
      </list>
    </resource-lists>

The XML document above describes two lists belonging to delegator A, one named "My-Close-Friends" and one named "My-Middle-School-Classmates". Suppose A allows delegatee B to read or modify the contents of the list "My-Middle-School-Classmates". Then:

1) The child element <identity> in the <condition> element is:

    <identity>
      <one id="userB@example.com" scheme="sip"/>
    </identity>

2) The <transformation> element contains the following child element:

    <xpath>
      /resource-lists/list[@name="My_Middle_School_Classmates"]
    </xpath>

3) The <action> element is:

    <operation>
      <get>allow</get>
      <put>deny</put>
      <delete>deny</delete>
    </operation>

The corresponding XDM delegation authorization rule is as follows:

The <condition> element contains the identity of user B, indicating that the rule applies when the message sender is B;

The <action> element contains four child elements: the first states that the read (GET) operation is allowed, the second that the write (PUT) operation is forbidden, the third that the delete (DELETE) operation is forbidden, and the fourth that the POST operation is forbidden;

The <transformation> element contains one <xpath> element, whose XPATH expression specifies which part of the corresponding XML document the rule applies to. Here the rule applies to operations on the list named "My_Middle_School_Classmates" in the corresponding XML document.

http://xcap.example.com/services/resource-lists/users/sip:userA@example.com/xdm_delegation_rules.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <ruleset xmlns="urn:ietf:params:xml:ns:common-policy">
      <rule id="f3g44r3">
        <condition>
          <identity>
            <one id="userB@example.com" scheme="sip"/>
          </identity>
        </condition>
        <action>
          <get>allow</get>
          <put>deny</put>
          <delete>deny</delete>
          <post>deny</post>
        </action>
        <transformation>
          <xpath>/resource-lists/list[@name="My_Middle_School_Classmates"]</xpath>
        </transformation>
      </rule>
    </ruleset>

The delegation mode can also be determined by adding a flag field to the message that indicates whether the request is in delegation mode. The flag field is placed in the message header. When the message is received, the delegation check and processing module reads this flag field and uses it to decide whether the request is in delegation mode.

Fig. 4 is a flow chart of the delegation mode check in the XML document management method of the embodiment of Fig. 3.

As shown in Fig. 4, the process consists of obtaining the user identity of the message sender and obtaining the identity of the owner of the document being operated on. If the two identities match, the request is in general mode; otherwise it is in delegation mode.

In addition, the eligibility of the delegatee can also be judged as follows: the XML document management server sends information about the identity of the XML document management client to the XML document owner client and requests confirmation. After confirming, the XML document owner client returns the confirmation result to the XML document management server. If the result is authorization, the XML document management client is an authorized delegated XML document management client; otherwise it is an unauthorized delegated XML document management client.

The XDMS can also determine whether the XML document management client is the owner of the XML document. If it is, the ordinary prior-art XML document management operation is performed, which is not described in detail here. If the XML document management client is neither the owner of the XML document nor an authorized delegated manager, its management operation on the XML document is rejected.

上述方案中,若没有说明,则是以委托方或被委托方的XDMC位于用户设备中为例的。另外,无论委托方还是被委托方,其XDMC位于应用服务器中时可以不通过聚合代理而直接向相应XDMS发送请求;若其XDMC位于用户终端中时则可以通过聚合代理向相应XDMS转发请求。In the above solution, if there is no description, it is taken as an example that the entrusting party or the entrusted party's XDMC is located in the user equipment. In addition, no matter the entrusting party or the entrusted party, when its XDMC is located in the application server, it can directly send the request to the corresponding XDMS without passing through the aggregation proxy; if its XDMC is located in the user terminal, it can forward the request to the corresponding XDMS through the aggregation proxy.

FIG. 5 is a message flow chart of the XML document management method of the third embodiment of the present invention.

User A delegates the maintenance of his friend information to the alumni server S. When B, a classmate of user A, joins the alumni record of A's class, the server maintains on behalf of user A the friend list stored in an XDMS and adds user B to that friend list.

(1) Using the XCAP protocol, user A sets the XDM delegation authorization rule for the alumni server S in the XDMS that stores his friend list, allowing the alumni server to add friends to his friend list "MyClassmates".

(2) After user B joins the alumni record of A's class, the alumni server S sends an XDM operation request to this XDMS in order to add user B to user A's friend list.

(3) The XDMS executes the delegation mode check described above: it obtains from the message the identity of the message sender, that is, the alumni server S, and the identity of the owner of the operation object, user A, compares them, and on the basis of the comparison determines that the request is in delegation mode.

(4) Using the message sender's identity, the operation object and the operation type obtained from the message, the XDMS checks the XDM authorization rule that A has stored in this XDMS, determines that the alumni server S is entitled to perform this XDM operation on behalf of user A, and then adds user B as a friend to user A's friend list.

In step (1), user A sends the following message to the corresponding XDMS to set the XDM delegation authorization rule on that XDMS.

In this message, the <cr:rule id="ck81"> element defines one rule, and its three child elements are as follows:

<cr:conditions> states the conditions under which the rule applies: the rule applies when the message requester is the alumni server named in the <cr:id> element.

<cr:actions> states the action the XDM server takes when the rule applies. Its first child element allows the GET operation, its second child element allows the PUT operation, and its third child element forbids the DELETE operation. Note that the rule does not say whether the POST operation is allowed. In practice the XDM server can have a default action; the default commonly used here is deny, that is, the server refuses to execute operations that the rule does not define.

<cr:transformations> states the object that the operations in this rule act on, here the list named "My_Middle_School_Classmates" in the corresponding XML document.

    PUT http://xcap.example.com/services/shared-xdms/users/sip:userA@example.com/xdm_delegation_rules.xml HTTP/1.1
    Content-Type: application/auth-policy+xml
    Content-Length: (...)

    <?xml version="1.0" encoding="UTF-8"?>
    <cr:ruleset
        xmlns:op="urn:oma:params:xml:ns:pres-rules"
        xmlns:pr="urn:ietf:params:xml:ns:pres-rules"
        xmlns:cr="urn:ietf:params:xml:ns:common-policy"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <cr:rule id="ck81">
        <cr:conditions>
          <cr:identity>
            <cr:id>sip:alumni@exampleservice.com</cr:id>
          </cr:identity>
        </cr:conditions>
        <cr:actions>
          <get>allow</get>
          <put>allow</put>
          <delete>deny</delete>
        </cr:actions>
        <cr:transformations>
          <xpath>/resource-lists/list[@name="My_Middle_School_Classmates"]</xpath>
        </cr:transformations>
      </cr:rule>
    </cr:ruleset>

Assume that the SIP address of the alumni server S is sip:alumni@exampleservice.com, and that the HTTP URI of user A's XDM delegation authorization document is http://xcap.example.com/services/shared-xdms/users/sip:userA@example.com/xdm_delegation_auth.xml.

Where:

sip:alumni@exampleservice.com is the identifier of the authorization object, indicating that this authorization rule defines access control for the alumni server;

<get>allow</get> indicates that the alumni server is allowed to read, <put>allow</put> indicates that the alumni server is allowed to perform the PUT operation, and <delete>deny</delete> indicates that the alumni server is not allowed to perform the DELETE operation;

<xpath>/resource-lists/list[@name="My_Middle_School_Classmates"]</xpath> indicates that the alumni server is allowed to operate on the My_Middle_School_Classmates list.

After receiving this message, the corresponding XDMS creates the XDM delegation authorization rule.

In step 5), when the alumni server adds user B to A's friend list, it sends the following message to the corresponding XDMS:

    PUT http://xcap.example.com/services/shared-lists/users/sip:userA@example.com/friends.xml/~~/resource-lists/list[@name="My_friends"]/entry[@uri="sip:friend2@example.com"] HTTP/1.1
    Content-Type: application/xcap-el+xml
    Content-Length: (...)

    <?xml version="1.0" encoding="UTF-8"?>
    <entry uri="sip:friend2@example.com">
      <display-name>Friend2</display-name>
    </entry>

The delegation check and processing module in the XDMS obtains from this message the identity of the message sender, "sip:alumni@exampleservice.com", and the identity of the owner of the operation object, "sip:userA@example.com". The two identities differ, so the module determines that this XDM operation request is in delegation mode. It then consults the XDM delegation authorization rule set in step 1), determines that the alumni server S is authorized to perform this operation, and the XDMS performs the XDM operation.
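The delegation check and rule evaluation described above, as an added Python example that is not code from the patent: it parses the step (1) rule document, classifies a request as general or delegation mode by comparing the requester with the owner named in the XCAP path, and applies default deny to operations the rule does not name. The function names, the string-prefix scope comparison, the deny-over-allow handling across several rules, and the sample request for user B are assumptions of this example.

```python
"""Delegation check for an XCAP request, following the flow described above."""
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

CR = "{urn:ietf:params:xml:ns:common-policy}"

# Rule document from step (1); the XML declaration is omitted for parsing.
RULESET_XML = """
<cr:ruleset xmlns:cr="urn:ietf:params:xml:ns:common-policy">
  <cr:rule id="ck81">
    <cr:conditions>
      <cr:identity><cr:id>sip:alumni@exampleservice.com</cr:id></cr:identity>
    </cr:conditions>
    <cr:actions>
      <get>allow</get>
      <put>allow</put>
      <delete>deny</delete>
    </cr:actions>
    <cr:transformations>
      <xpath>/resource-lists/list[@name="My_Middle_School_Classmates"]</xpath>
    </cr:transformations>
  </cr:rule>
</cr:ruleset>
"""

# Constructed sample request targets (userB and the entry are illustrative).
BASE = ("http://xcap.example.com/services/shared-lists/users/"
        "sip:userA@example.com/friends.xml")
ENTRY_URL = (BASE + '/~~/resource-lists/list[@name="My_Middle_School_Classmates"]'
             '/entry[@uri="sip:userB@example.com"]')


def parse_rules(xml_text):
    """Return one dict per rule: allowed identities, per-method verdicts, scopes."""
    rules = []
    for rule in ET.fromstring(xml_text).iter(CR + "rule"):
        ids = {e.text.strip() for e in rule.iter(CR + "id") if e.text}
        actions_el = rule.find(CR + "actions")
        actions = {}
        if actions_el is not None:
            actions = {a.tag.upper(): (a.text or "").strip().lower()
                       for a in actions_el}
        scopes = [x.text.strip() for x in rule.iter("xpath") if x.text]
        rules.append({"ids": ids, "actions": actions, "scopes": scopes})
    return rules


def split_request(url):
    """Split an XCAP URL into (document owner, node selector).

    The owner is the path segment after "users"; the node selector is the
    part after the "~~" separator, or "" when the whole document is addressed.
    """
    path = unquote(urlsplit(url).path)  # decode %5B, %22, ... before comparing
    doc, _, node = path.partition("/~~/")
    segments = doc.split("/")
    owner = None
    if "users" in segments[:-1]:
        owner = segments[segments.index("users") + 1]
    return owner, ("/" + node if node else "")


def in_scope(node, scope):
    """Assumed simplification: the target is the scoped node or lies below it."""
    return node == scope or node.startswith(scope + "/")


def authorize(requester, method, url, rules):
    """Return "general", "delegated" or "reject" for an authenticated requester.

    `requester` must be the identity the server has already authenticated,
    not a value the client merely asserts in the request.
    """
    owner, node = split_request(url)
    if owner is not None and requester == owner:
        return "general"  # owner acting on own document: ordinary handling
    # Delegation mode: collect verdicts of every rule matching identity and scope.
    verdicts = {
        rule["actions"].get(method.upper(), "deny")  # undefined method: deny
        for rule in rules
        if requester in rule["ids"]
        and any(in_scope(node, s) for s in rule["scopes"])
    }
    # Assumption: any deny among matching rules outweighs an allow.
    return "delegated" if verdicts == {"allow"} else "reject"


if __name__ == "__main__":
    rules = parse_rules(RULESET_XML)
    server = "sip:alumni@exampleservice.com"
    for method in ("GET", "PUT", "DELETE", "POST"):
        print(method, authorize(server, method, ENTRY_URL, rules))
```

A production XDMS would resolve both the rule's XPath and the request's node selector against the stored document rather than compare strings; the prefix test here only shows where the scope decision sits in the flow.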

The fourth embodiment of the present invention is an XML document access control method, comprising:

Step A: judging whether the XML document access client requesting access to the XML document satisfies the XML document access conditions; if so, executing step B, otherwise exiting this processing procedure;

Step B: according to the specified access operations on a specific part of the XML document that an XML document access client satisfying the XML document access conditions may perform, executing the specified XML document access operation that the XML document access client requests on the specific part of the XML document.

In step A, in the manner of the above embodiments, the identity of the XML document management operation client can be compared with the predetermined identity of an XML document access client that satisfies the XML document access conditions. If the two match, the XML document access client satisfies the XML document access conditions; otherwise it does not. The predetermined identity can be the identity of the owner of the XML document, or the identity of another access client that has been predetermined as able to access the XML document. When the identity of the XML document access client matches that of the owner of the XML document, the XML document access client is the owner of the XML document. In that case the client has broader access rights: it can access the XML document through the ordinary XML document access process, or through the access operations on the XML document specified by this method. When the identity of the XML document access client matches that of another access client predetermined as able to access the XML document, the XML document access client is a delegated client that may perform access operations on the XML document.

In addition, step A can use immediate confirmation: information about the XML document access client requesting access to the XML document is sent to the XML document owner client for confirmation, and the confirmation information returned by the XML document owner client is received. If the confirmation result is that the XML document access client satisfies the XML document access conditions, then it satisfies them; otherwise it does not. With the prior art and by reference to the above embodiments, this process is easy to implement, and the details are not repeated here.

The XML document access conditions in step A include, but are not limited to, at least one of the following: an identity information condition of the XML document access client; a specified validity period condition; a location information condition of the requester. Examples are the Identity, Domain, Validity and Sphere conditions listed in the first embodiment above.

The specification referred to in step B includes the specific part of the XML document on which an XML document access client satisfying the XML document access conditions may perform access operations. The specific part of the XML document can be identified by an XCAP URI. The access operations that may be performed can be the read operation HTTP GET, the write operation HTTP PUT, the delete operation HTTP DELETE, the retrieval operation HTTP POST, and so on.

Step B may further include sending the execution result information "200 OK" to the XML document access client.

The above embodiments only illustrate specific implementations of the present invention and are not intended to limit its scope of protection. Those skilled in the art can make various modifications or improvements based on the basic idea of the present invention or on the above content; as long as they fall within the scope of protection defined by the claims of the present invention or their equivalents, they are covered by the present invention.

Claims (22)

1. An XML document management method, comprising the following steps:
Step 1: an XML document management client sends an XML document management operation request to an XML document management server;
Step 2: the XML document management server receives the XML document management operation request of the XML document management client and judges whether the request of the XML document management client satisfies the applicability conditions of the delegation authorization rule for the XML document management operation, the applicability conditions of the delegation authorization rule for the XML document management operation comprising at least an identity information condition of the XML document access client;
Step 3: when the request of the XML document management client satisfies the applicability conditions of the delegation authorization rule for the XML document management operation, the XML document management operation specified by the rule is executed.
2. The XML document management method as claimed in claim 1, characterized in that step 2 comprises:
obtaining the identity information of the XML document management client from the request of the XML document management client;
comparing the obtained identity information of the XML document management client with the identity information condition of the XML document access client in the applicability conditions of the delegation authorization rule; if the two match, the identity of the XML document management client satisfies the identity information condition of the XML document access client in the applicability conditions of the delegation authorization rule.
3. The XML document management method as claimed in claim 1, characterized in that the XML document management operation specified by the rule comprises:
a specific management operation on a specific part of the XML document.
4. The XML document management method as claimed in claim 3, characterized in that the specification of the specific management operation on the specific part of the XML document comprises at least one of the following:
performing or not performing a read operation on the specific part of the XML document;
performing or not performing a write operation on the specific part of the XML document;
performing or not performing a delete operation on the specific part of the XML document;
performing or not performing a retrieval operation on the specific part of the XML document.
5. The XML document management method as claimed in claim 4, characterized in that the specific part of the XML document is identified by an XCAP URI, the read operation is an HTTP GET operation, the write operation is an HTTP PUT operation, the delete operation is an HTTP DELETE operation, and the retrieval operation is an HTTP POST operation.
6. The XML document management method as claimed in claim 1, characterized in that the method further comprises, before step 1:
formulating the delegation authorization rule for the XML document management operation, and storing and running it on the XML document management server.
7. The XML document management method as claimed in claim 6, characterized in that the rule is formulated by an XML document owner client and is sent to the XML document management server by the XML document owner client.
8. The XML document management method as claimed in claim 6, characterized in that the rule is formulated by the XML document management server.
9. The XML document management method as claimed in claim 1, characterized in that:
the method further comprises, before step 1: formulating the delegation authorization rule for the XML document management operation, and storing and running it on the XML document management server;
the applicability conditions of the delegation authorization rule for the XML document management operation comprise at least the identity information condition of the XML document access client;
step 2 comprises: obtaining the identity information of the XML document management client from the request of the XML document management client; comparing the obtained identity information of the XML document management client with the identity information condition of the XML document access client in the applicability conditions of the delegation authorization rule; if the two match, the identity of the XML document management client satisfies the identity information condition of the XML document access client in the applicability conditions of the delegation authorization rule;
the XML document management operation specified by the rule comprises at least one of the following:
performing or not performing a read operation on the specific part of the XML document;
performing or not performing a write operation on the specific part of the XML document;
performing or not performing a delete operation on the specific part of the XML document;
performing or not performing a retrieval operation on the specific part of the XML document,
wherein the specific part of the XML document is identified by an XCAP URI, the read operation is an HTTP GET operation, the write operation is an HTTP PUT operation, the delete operation is an HTTP DELETE operation, and the retrieval operation is an HTTP POST operation.
10. The XML document management method as claimed in any one of claims 1 to 9, characterized in that in step 3, when the request of the XML document management client does not satisfy the applicability conditions of the delegation authorization rule for the XML document management operation, an unauthorized delegation handling procedure is carried out, comprising:
judging whether the XML document management client is the owner of the XML document; if the XML document management client is the owner of the XML document, executing the general XML document management operation; otherwise rejecting the management operation of the XML document management client on the XML document.
11. The XML document management method as claimed in claim 10, characterized in that the XML document management client is a user equipment terminal, and its connection with the XML document management server is implemented through an aggregation proxy.
12. The XML document management method as claimed in claim 11, characterized in that it further comprises:
Step 4: the XML document management server sends the execution result information of the XML document management operation to the XML document management client.
13. An XML document management system, comprising an XML document management client and an XML document management server, the XML document management client being connected to the XML document management server, characterized in that an XML document management operation delegation check and processing unit is further provided between the XML document management client and the XML document management server; the XML document management operation delegation check and processing unit verifies whether the XML document operation requested by the XML document management client is an authorized delegation, and executes the corresponding processing of the XML document management operation requested by the XML document management client.
14. The XML document management system as claimed in claim 13, characterized in that the XML document management operation delegation check and processing unit comprises:
a delegation check module, used to check whether the XML document management operation requested by the XML document management client is in delegation mode;
an authorization processing module, used to judge whether the delegation mode determined by the delegation check module is an authorized delegation mode and, when the delegation mode is an authorized delegation mode, to execute the specific management operation on the specific part of the XML document according to the delegation authorization rule.
15. The XML document management system as claimed in claim 14, characterized in that the specific part of the XML document is identified by an XCAP URI, and the specific management operation comprises at least one of the following:
the read operation HTTP GET;
the write operation HTTP PUT;
the delete operation HTTP DELETE;
the retrieval operation HTTP POST.
16. The XML document management system as claimed in claim 15, characterized in that it further comprises an XML document owner client connected to the XML document management server; through the XML document owner client, the user sends the XML document delegation authorization rule corresponding to this XML document owner's document to the XML document management server, establishing the management operation delegation authorization rule of the XML document.
17. The XML document management system as claimed in any one of claims 13 to 16, characterized in that it further comprises an aggregation proxy and a SIP/IP Core; information is transmitted between the XML document management client and the XML document management server through the aggregation proxy, and the SIP/IP Core is used to handle subscription messages between the XML document management client and the XML document management server.
18. An XML document access control method, comprising:
Step A: judging whether the identity of the XML document access client requesting access to the XML document matches the identity of an XML document access client, other than the XML document owner, that satisfies the applicability conditions of the delegation authorization rule for the XML document management operation; if so, executing step B, otherwise exiting this processing procedure; the applicability conditions of the delegation authorization rule for the XML document management operation comprise at least an identity information condition of the XML document access client;
Step B: according to the specified access operations on a specific part of the XML document to be performed by an XML document access client that satisfies the applicability conditions of the delegation authorization rule for the XML document management operation, executing the specified XML document access operation that the XML document access client requests on the specific part of the XML document.
19. The XML document access control method as claimed in claim 18, characterized in that the applicability conditions of the delegation authorization rule for the XML document management operation in step A further comprise at least one of the following:
the specified validity period condition;
the requester's location information condition.
20. The XML document access control method as claimed in claim 19, characterized in that the specification in step B comprises:
the specific part of the XML document on which an XML document access client satisfying the applicability conditions of the delegation authorization rule for the XML document management operation may perform access operations;
the access operations that the XML document access client may perform on the specific part of the XML document, comprising at least one of the following:
a read operation;
a write operation;
a delete operation;
a retrieval operation.
21. The XML document access control method as claimed in claim 20, characterized in that step B further comprises:
sending execution result information to the XML document access client.
22. The XML document access control method as claimed in claim 20 or 21, characterized in that the specific part of the XML document is identified by an XCAP URI, the read operation is an HTTP GET operation, the write operation is an HTTP PUT operation, the delete operation is an HTTP DELETE operation, and the retrieval operation is an HTTP POST operation.
CN200610033602A 2006-02-10 2006-02-10 XML Document Management System and Its Method and XML Document Access Control Method Expired - Fee Related CN1859402B (en)

Priority Applications (9)

Application Number Priority Date Filing Date Title
CN200610033602A CN1859402B (en) 2006-02-10 2006-02-10 XML Document Management System and Its Method and XML Document Access Control Method
PCT/CN2006/003659 WO2007090332A1 (en) 2006-02-10 2006-12-29 A method and system for managing xml document
AT06840689T ATE475234T1 (en) 2006-02-10 2006-12-29 METHOD AND SYSTEM FOR MANAGING AN XML DOCUMENT
DE602006015706T DE602006015706D1 (en) 2006-02-10 2006-12-29 Method and system for managing an XML document
CNA200680013175XA CN101164278A (en) 2006-02-10 2006-12-29 XML document management method and system
KR1020087021772A KR101008121B1 (en) 2006-02-10 2006-12-29 WLML Document Management Method and System
EP06840689A EP1983683B1 (en) 2006-02-10 2006-12-29 A method and system for managing XML document
US11/969,603 US8812696B2 (en) 2006-02-10 2008-01-04 Extensible markup language document management method and system
US14/326,054 US9208336B2 (en) 2006-02-10 2014-07-08 Extensible markup language document management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200610033602A CN1859402B (en) 2006-02-10 2006-02-10 XML Document Management System and Its Method and XML Document Access Control Method

Publications (2)

Publication Number Publication Date
CN1859402A CN1859402A (en) 2006-11-08
CN1859402B true CN1859402B (en) 2010-05-12

Family

ID=37298264

Family Applications (2)

Application Number Title Priority Date Filing Date
CN200610033602A Expired - Fee Related CN1859402B (en) 2006-02-10 2006-02-10 XML Document Management System and Its Method and XML Document Access Control Method
CNA200680013175XA Pending CN101164278A (en) 2006-02-10 2006-12-29 XML document management method and system

Family Applications After (1)

Application Number Title Priority Date Filing Date
CNA200680013175XA Pending CN101164278A (en) 2006-02-10 2006-12-29 XML document management method and system

Country Status (1)

Country Link
CN (2) CN1859402B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9208336B2 (en) 2006-02-10 2015-12-08 Huawei Technologies Co., Ltd. Extensible markup language document management method and system


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100512
