{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T17:54:10Z","timestamp":1754157250187,"version":"3.41.2"},"reference-count":47,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2012,9,28]],"date-time":"2012-09-28T00:00:00Z","timestamp":1348790400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012,9,28]]},"abstract":"Purpose<\/jats:title>The goal of this paper is to propose a data access control framework that is used for editing MARC\u2010based bibliographic databases. In cases where the bibliographic record editing activities carried out in libraries are complex and involve many people with different skills and expertise, a way of managing the workflow and data quality is needed. Enforcing access control can contribute to these goals.<\/jats:p><\/jats:sec>Design\/methodology\/approach<\/jats:title>The proposed solution for data access control enforcement is based on the well\u2010studied standard role\u2010based access control (RBAC) model. The bibliographic data, for the purpose of this system, is represented using the XML language. The software architecture of the access control system is modelled using the Unified Modelling Language (UML).<\/jats:p><\/jats:sec>Findings<\/jats:title>The access control framework presented in this paper represents a successful application of concepts of role\u2010based access control to bibliographic databases. The use of XML language for bibliographic data representation provides the means to integrate this solution into many different library information systems, facilitates data exchange and simplifies the software implementation because of the abundance of available XML tools. The solution presented is not dependent on any particular XML schema for bibliographic records and may be used in different library environments. Its flexibility stems from the fact that access control rules can be defined at different levels of granularity and for different XML schemas.<\/jats:p><\/jats:sec>Research limitations\/implications<\/jats:title>This access control framework is designed to handle XML documents. Library systems that utilise bibliographic databases in other formats not easily convertible to XML would hardly integrate the framework into their environment.<\/jats:p><\/jats:sec>Practical implications<\/jats:title>The use of an access control enforcement framework in a bibliographic database can significantly improve the quality of data in organisations where record editing is performed by a large number of people with different skills. The examples of access control enforcement presented in this paper are extracted from the actual workflow for editing bibliographic records in the Belgrade City Library, the largest public city library in Serbia. The software implementation of the proposed framework and its integration in the BISIS library information system prove the practical usability of the framework. BISIS is currently deployed in over 40 university, public, and specialized libraries in Serbia.<\/jats:p><\/jats:sec>Originality\/value<\/jats:title>A proposal for enforcing access control in bibliographic databases is given, and a software implementation and its integration in a library information system are presented. The proposed framework can be used in library information systems that use MARC\u2010based cataloguing.<\/jats:p><\/jats:sec>","DOI":"10.1108\/02640471211275684","type":"journal-article","created":{"date-parts":[[2012,9,27]],"date-time":"2012-09-27T21:37:21Z","timestamp":1348781841000},"page":"623-652","source":"Crossref","is-referenced-by-count":3,"title":["Flexible access control framework for MARC records"],"prefix":"10.1108","volume":"30","author":[{"given":"Goran","family":"Sladi\u0107","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Branko","family":"Milosavljevi\u0107","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Du\u0161an","family":"Surla","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zora","family":"Konjovi\u0107","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2022031620192273300_b1","doi-asserted-by":"crossref","unstructured":"Bai, Y. (2008), \u201cAccess control for XML document\u201d, Proceedings of the 21st International Conference on Industrial, Engineering and Other Applications of Applied Intelligent Systems, Wroclaw, Springer, Berlin, pp. 621\u201030.","DOI":"10.1007\/978-3-540-69052-8_65"},{"key":"key2022031620192273300_b2","doi-asserted-by":"crossref","unstructured":"Bao, Y., Song, J., Wang, D., Shen, D. and Yu, G. (2008), \u201cA role and context based access control model with UML\u201d, Proceedings of the 9th International Conference for Young Computer Scientists, Hunan, IEEE Computer Society, Los Alamitos, CA, pp. 1175\u201080.","DOI":"10.1109\/ICYCS.2008.528"},{"key":"key2022031620192273300_b3","unstructured":"Belgrade City Library (n.d.), available at: www.bgb.rs\/english (accessed 25 October 2010)."},{"key":"key2022031620192273300_b6","doi-asserted-by":"crossref","unstructured":"Bertino, E. and Ferrari, E. (2002), \u201cSecure and selective dissemination of XML documents\u201d, ACM Transactions on Information and System Security, Vol. 5 No. 3, pp. 290\u2010331.","DOI":"10.1145\/545186.545190"},{"key":"key2022031620192273300_b5","doi-asserted-by":"crossref","unstructured":"Bertino, E., Bonatti, P.A. and Ferrari, E. (2001b), \u201cTRBAC: a temporal role\u2010based access control model\u201d, ACM Transactions on Information and System Security, Vol. 4 No. 3, pp. 191\u2010233.","DOI":"10.1145\/501978.501979"},{"key":"key2022031620192273300_b7","doi-asserted-by":"crossref","unstructured":"Bertino, E., Carminati, B. and Ferrari, E. (2004), \u201cAccess control for XML documents and data\u201d, Information Security Technical Report, Vol. 9 No. 3, pp. 19\u201034.","DOI":"10.1016\/S1363-4127(04)00029-9"},{"key":"key2022031620192273300_b4","doi-asserted-by":"crossref","unstructured":"Bertino, E., Castano, S. and Ferrari, E. (2001a), \u201cSecuring XML documents with Author\u2010X\u201d, IEEE Internet Computing, Vol. 5 No. 3, pp. 21\u201031.","DOI":"10.1109\/4236.935172"},{"key":"key2022031620192273300_b9","doi-asserted-by":"crossref","unstructured":"Bhatti, B., Bertino, E., Ghafoor, A. and Joshi, J. (2004), \u201cXML\u2010based specification for web services document security\u201d, Computer, Vol. 37 No. 4, pp. 41\u20109.","DOI":"10.1109\/MC.2004.1297300"},{"key":"key2022031620192273300_b8","unstructured":"Bhatti, R., Joshi, J., Bertino, E. and Ghafoo, A. (2003), \u201cAccess control in dynamic XML\u2010based web\u2010services with X\u2010RBAC\u201d, Proceedings of the 1st International Conference on Web Services, Las Vegas, NV."},{"key":"key2022031620192273300_b10","unstructured":"BISIS (n.d.), \u201cLibrary information system BISIS\u201d, available at: http:\/\/bisis.uns.ac.rs (accessed 25 October 2010)."},{"key":"key2022031620192273300_b11","doi-asserted-by":"crossref","unstructured":"Boberi\u0107, D. and Surla, D. (2009), \u201cXML editor for search and retrieval of bibliographic records in the Z39.50 standard\u201d, The Electronic Library, Vol. 27 No. 3, pp. 474\u201095.","DOI":"10.1108\/02640470910966916"},{"key":"key2022031620192273300_b12","doi-asserted-by":"crossref","unstructured":"Botha, A.R. and Eloff, J. (2001), \u201cA framework for access control in workflow environments\u201d, Information Management and Computer Security, Vol. 9 No. 3, pp. 126\u201033.","DOI":"10.1108\/09685220110394848"},{"key":"key2022031620192273300_b13","doi-asserted-by":"crossref","unstructured":"Chadwick, D., Xu, W., Otenko, S., Laborde, R. and Nasser, B. (2007), \u201cMulti\u2010session separation of duties (MSoD) for RBAC\u201d, Proceedings of the IEEE 23rd International Conference on Data Engineering Workshop, Istanbul, IEEE Computer Society, Los Alamitos, CA, pp. 744\u201053.","DOI":"10.1109\/ICDEW.2007.4401062"},{"key":"key2022031620192273300_b14","doi-asserted-by":"crossref","unstructured":"Covington, M.J., Long, W., Srinivasan, S., Dev, A.K., Ahamad, M. and Abowd, G.D. (2001), \u201cSecuring context\u2010aware applications using environment roles\u201d, Proceedings of the 6th ACM Symposium on Access Control Models and Technologies (SACMAT), Chantilly, VA, ACM, New York, NY, pp. 10\u201020.","DOI":"10.1145\/373256.373258"},{"key":"key2022031620192273300_b15","doi-asserted-by":"crossref","unstructured":"Crampton, J. (2004), \u201cApplying hierarchical and role\u2010based access control to XML documents\u201d, Proceedings of the 2004 Workshop on Secure Web Service, Fairfax, VA, ACM, New York, NY, pp. 37\u201046.","DOI":"10.1145\/1111348.1111353"},{"key":"key2022031620192273300_b16","unstructured":"Crampton, J. (2006), \u201cApplying hierarchical and role\u2010based access control to XML documents\u201d, Computer Science and System Engineering, Vol. 21 No. 5, pp. 325\u201038."},{"key":"key2022031620192273300_b18","doi-asserted-by":"crossref","unstructured":"Damiani, E., De Capitani di Vimercati, S., Paraboschi, S. and Samarati, P. (2002), \u201cA fine\u2010grained access control system for XML documents\u201d, ACM Transactions on Information and System Security, Vol. 5 No. 2, pp. 169\u2010202.","DOI":"10.1145\/505586.505590"},{"key":"key2022031620192273300_b17","doi-asserted-by":"crossref","unstructured":"Damiani, E., Samarati, P., De Capitani di Vimercati, S. and Paraboschi, S. (2001), \u201cControlling access to XML documents\u201d, IEEE Internet Computing, Vol. 5 No. 6, pp. 18\u201028.","DOI":"10.1109\/4236.968827"},{"key":"key2022031620192273300_b19","doi-asserted-by":"crossref","unstructured":"Damiani, M.L., Bertino, E., Catania, B. and Perlasca, P. (2007), \u201cGEO\u2010RBAC: a spatially aware RBAC\u201d, ACM Transactions on Information and System Security, Vol. 10 No. 1, pp. 1\u201042.","DOI":"10.1145\/1210263.1210265"},{"key":"key2022031620192273300_b20","doi-asserted-by":"crossref","unstructured":"Dimi\u0107, B. and Surla, D. (2009), \u201cXML Editor for UNIMARC and MARC21 cataloguing\u201d, The Electronic Library, Vol. 27 No. 3, pp. 509\u201028.","DOI":"10.1108\/02640470910966934"},{"key":"key2022031620192273300_b21","doi-asserted-by":"crossref","unstructured":"Dimi\u0107, B., Milosavljevi\u0107, B. and Surla, D. (2010), \u201cXML schema for UNIMARC and MARC 21 formats\u201d, The Electronic Library, Vol. 28 No. 2, pp. 245\u201062.","DOI":"10.1108\/02640471011033611"},{"key":"key2022031620192273300_b22","unstructured":"euroCRIS Current Research Information Systems (n.d.a), The European Organization for International Research Information, available at: www.eurocris.org (accessed 25 October 2010)."},{"key":"key2022031620192273300_b23","unstructured":"euroCRIS Current Research Information Systems (n.d.b), Common European Research Information Format, available at: www.eurocris.org\/cerif\/introduction (accessed 25 October 2010)."},{"key":"key2022031620192273300_b24","doi-asserted-by":"crossref","unstructured":"Ferraiolo, F.D., Ravi Sandhu, R., Gavrila, S., Richard, D.K. and Chandramouli, R. (2001), \u201cProposed NIST standard for role\u2010based access control\u201d, ACM Transactions on Information and System Security, Vol. 4 No. 3, pp. 224\u201074.","DOI":"10.1145\/501978.501980"},{"key":"key2022031620192273300_b25","doi-asserted-by":"crossref","unstructured":"Filho, J.B. and Martin, H. (2008), \u201cUsing context quality indicators for improving context\u2010based access control in pervasive environments\u201d, Proceedings of the IEEE\/IFIP International Conference on Embedded and Ubiquitous Computing, Shanghai, IEEE Computer Society, Los Alamitos, CA, pp. 285\u201090.","DOI":"10.1109\/EUC.2008.171"},{"key":"key2022031620192273300_b26","unstructured":"Han, W., Zhang, J. and Yao, X. (2005), \u201cContext\u2010sensitive access control model and implementation\u201d, Proceedings of the 5th International Conference on Computer and Information Technology (CIT), Shanghai, IEEE Computer Society, Los Alamitos, CA, pp. 757\u201063."},{"key":"key2022031620192273300_b28","doi-asserted-by":"crossref","unstructured":"Ivanovi\u0107, D., Surla, D. and Konjovi\u0107, Z. (2011a), \u201cCERIF compatible data model based on MARC21 format\u201d, The Electronic Library, Vol. 29 No. 1, pp. 52\u201070.","DOI":"10.1108\/02640471111111433"},{"key":"key2022031620192273300_b29","doi-asserted-by":"crossref","unstructured":"Ivanovi\u0107, D., Surla, D. and Rackovi\u0107, M. (2011b), \u201cA CERIF data model extension for evaluation and quantitative expression of scientific research results\u201d, Scientometrics, Vol. 86 No. 1, pp. 155\u201072.","DOI":"10.1007\/s11192-010-0228-2"},{"key":"key2022031620192273300_b27","doi-asserted-by":"crossref","unstructured":"Ivanovi\u0107, D., Milosavljevi\u0107, G., Milosavljevi\u0107, B. and Surla, D. (2010), \u201cA CERIF\u2010compatible research management system based on the MARC21 format\u201d, Program: electronic library and information systems, Vol. 44 No. 3, pp. 229\u201051.","DOI":"10.1108\/00330331011064249"},{"key":"key2022031620192273300_b30","doi-asserted-by":"crossref","unstructured":"Kudo, M. and Hada, S. (2000), \u201cXML document security based on provisional authorization\u201d, Proceedings of the 7th ACM Conference on Computer and Communications Security, Athens, ACM, New York, NY, pp. 87\u201096.","DOI":"10.1145\/352600.352613"},{"key":"key2022031620192273300_b31","doi-asserted-by":"crossref","unstructured":"Luo, B., Lee, D., Lee, W.C. and Liu, P. (2004), \u201cA flexible framework for architecting XML access control enforcement mechanisms\u201d, Proceedings of the VLDB Workshop on Secure Data Management in a Connected World (SDMCW), Toronto, Springer, Berlin, pp. 133\u201047.","DOI":"10.1007\/978-3-540-30073-1_10"},{"key":"key2022031620192273300_b32","doi-asserted-by":"crossref","unstructured":"Miklau, G. and Suciu, D. (2003), \u201cControlling access to published data using cryptography\u201d, Proceedings of the 29th International Conference on Very Large Data Bases, Berlin, VLDB Endowment, Inc, pp. 898\u2010909.","DOI":"10.1016\/B978-012722442-8\/50084-7"},{"key":"key2022031620192273300_b33","doi-asserted-by":"crossref","unstructured":"Milosavljevi\u0107, B. and Te\u0161endi\u0107, D. (2010), \u201cSoftware architecture of distributed client\/server library circulation\u201d, The Electronic Library, Vol. 28 No. 2, pp. 286\u201099.","DOI":"10.1108\/02640471011033648"},{"key":"key2022031620192273300_b34","doi-asserted-by":"crossref","unstructured":"Milosavljevi\u0107, B., Boberi\u0107, D. and Surla, D. (2010), \u201cRetrieval of bibliographic records using Apache Lucene\u201d, The Electronic Library, Vol. 28 No. 4, pp. 525\u201039.","DOI":"10.1108\/02640471011065355"},{"key":"key2022031620192273300_b35","doi-asserted-by":"crossref","unstructured":"Milosavljevi\u0107, G., Ivanovi\u0107, D., Surla, D. and Milosavljevi\u0107, B. (2011), \u201cAutomated construction of the user interface for a CERIF\u2010compliant research management system\u201d, The Electronic Library, Vol. 29 No. 5, pp. 565\u201088.","DOI":"10.1108\/02640471111177035"},{"key":"key2022031620192273300_b36","doi-asserted-by":"crossref","unstructured":"Murata, M., Tozawa, A., Kudo, M. and Hada, S. (2006), \u201cXML access control using static analysis\u201d, ACM Transactions on Information and System Security, Vol. 9 No. 3, pp. 292\u2010324.","DOI":"10.1145\/1178618.1178621"},{"key":"key2022031620192273300_b37","unstructured":"OASIS (n.d.), \u201cOASIS eXtensible Access Control Markup Language (XACML) TC\u201d, available at: www.oasis\u2010open.org\/committees\/xacml (accessed 4 January 2011)."},{"key":"key2022031620192273300_b38","doi-asserted-by":"crossref","unstructured":"Qi, N., Kudo, M., Myllymaki, J. and Pirahesh, H. (2005), \u201cA function\u2010based access control model for XML databases\u201d, Proceedings of the 14th ACM International Conference on Information and Knowledge Management, Bremen, ACM, New York, NY, pp. 115\u201022.","DOI":"10.1145\/1099554.1099577"},{"key":"key2022031620192273300_b39","doi-asserted-by":"crossref","unstructured":"Radenovi\u0107, J., Milosavlj?vi\u0107, B. and Surla, D. (2009), \u201cModelling and implementation of catalogue cards using FreeMarker\u201d, Program: electronic library and information systems, Vol. 43 No. 1, pp. 63\u201076.","DOI":"10.1108\/00330330910934110"},{"key":"key2022031620192273300_b40","doi-asserted-by":"crossref","unstructured":"Roder, P., Tafreschi, O. and Eckert, C. (2007), \u201cHistory\u2010based access control for XML documents\u201d, Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, Singapore, ACM, New York, NY, pp. 386\u20108.","DOI":"10.1145\/1229285.1229336"},{"key":"key2022031620192273300_b41","doi-asserted-by":"crossref","unstructured":"Rudi\u0107, G. and Surla, D. (2009), \u201cConversion of bibliographic records to MARC 21 format\u201d, The Electronic Library, Vol. 27 No. 6, pp. 950\u201067.","DOI":"10.1108\/02640470911004057"},{"key":"key2022031620192273300_b42","doi-asserted-by":"crossref","unstructured":"Sagaran, C., Dehghantanha, A. and Ramli, R. (2010), \u201cA user\u2010centered context\u2010sensitive privacy model in pervasive systems\u201d, Proceedings of the International Conference on Communication Software and Networks, Singapore, 2010, IEEE Computer Society, Los Alamitos, CA, pp. 78\u201082.","DOI":"10.1109\/ICCSN.2010.43"},{"key":"key2022031620192273300_b43","unstructured":"Sladi\u0107, G., Milosavljevi\u0107, B. and Konjovi\u0107, Z. (2007), \u201cExtensible access control model for XML document collections\u201d, ICETE SECRYPT: Proceedings of the 2nd International Conference on Security and Cryptography, Barcelona, INSTICC, Setubal, pp. 373\u201080."},{"key":"key2022031620192273300_b44","doi-asserted-by":"crossref","unstructured":"Strembeck, M. and Neumann, G. (2004), \u201cAn integrated approach to engineer and enforce context constraints in RBAC environments\u201d, ACM Transactions on Information and System Security, Vol. 7 No. 3, pp. 392\u2010427.","DOI":"10.1145\/1015040.1015043"},{"key":"key2022031620192273300_b45","doi-asserted-by":"crossref","unstructured":"Te\u0161endi\u0107, D., Milosavljevi\u0107, B. and Surla, D. (2009), \u201cA library circulation system for city and special libraries\u201d, The Electronic Library, Vol. 27 No. 1, pp. 162\u201086.","DOI":"10.1108\/02640470910934669"},{"key":"key2022031620192273300_b46","doi-asserted-by":"crossref","unstructured":"Vidakovi\u0107, M., Milosavljevi\u0107, B., Konjovi\u0107, Z. and Sladi\u0107, G. (2009), \u201cExtensible Java EE\u2010based agent framework and its application on distributed library catalogues\u201d, Computer Science and Information Systems (ComSIS), Vol. 6 No. 2, pp. 1\u201028.","DOI":"10.2298\/CSIS0902001V"},{"key":"key2022031620192273300_b47","doi-asserted-by":"crossref","unstructured":"Zhu, H., L\u00fc, K. and Jin, R. (2009), \u201cA practical mandatory access control model for XML databases\u201d, Information Sciences, Vol. 179 No. 8, pp. 1116\u201033.","DOI":"10.1016\/j.ins.2008.12.011"}],"container-title":["The Electronic Library"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/02640471211275684","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/02640471211275684\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/02640471211275684\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T23:43:10Z","timestamp":1753400590000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/el\/article\/30\/5\/623-652\/32220"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,9,28]]},"references-count":47,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2012,9,28]]}},"alternative-id":["10.1108\/02640471211275684"],"URL":"https:\/\/doi.org\/10.1108\/02640471211275684","relation":{},"ISSN":["0264-0473"],"issn-type":[{"type":"print","value":"0264-0473"}],"subject":[],"published":{"date-parts":[[2012,9,28]]}}}