{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,7]],"date-time":"2025-11-07T08:58:44Z","timestamp":1762505924494,"version":"3.41.0"},"reference-count":48,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2012,5,1]],"date-time":"2012-05-01T00:00:00Z","timestamp":1335830400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100003407","name":"Ministero dell'Istruzione, dell'Universit\u00e0 e della Ricerca","doi-asserted-by":"publisher","award":["2008SY2PH4"],"award-info":[{"award-number":["2008SY2PH4"]}],"id":[{"id":"10.13039\/501100003407","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"publisher","award":["W911NF-11-1-0340"],"award-info":[{"award-number":["W911NF-11-1-0340"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CT-20013A and CCF-1037987"],"award-info":[{"award-number":["CT-20013A and CCF-1037987"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004963","name":"Seventh Framework Programme","doi-asserted-by":"publisher","award":["257129"],"award-info":[{"award-number":["257129"]}],"id":[{"id":"10.13039\/501100004963","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000181","name":"Air Force Office of Scientific Research","doi-asserted-by":"publisher","award":["FA9550-09-1-0421"],"award-info":[{"award-number":["FA9550-09-1-0421"]}],"id":[{"id":"10.13039\/100000181","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000143","name":"Division of Computing and Communication Foundations","doi-asserted-by":"publisher","award":["CT-20013A and CCF-1037987"],"award-info":[{"award-number":["CT-20013A and CCF-1037987"]}],"id":[{"id":"10.13039\/100000143","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Web"],"published-print":{"date-parts":[[2012,5]]},"abstract":"<jats:p>The widespread diffusion of Web-based services provided by public and private organizations emphasizes the need for a flexible solution for protecting the information accessible through Web applications. A promising approach is represented by credential-based access control and trust management. However, although much research has been done and several proposals exist, a clear obstacle to the realization of their benefits in data-intensive Web applications is represented by the lack of adequate support in the DBMSs. As a matter of fact, DBMSs are often responsible for the management of most of the information that is accessed using a Web browser or a Web service invocation.<\/jats:p>\n          <jats:p>In this article, we aim at eliminating this gap, and present an approach integrating trust management with the access control of the DBMS. We propose a trust model with a SQL syntax and illustrate an algorithm for the efficient verification of a delegation path for certificates. Our solution nicely complements current trust management proposals allowing the efficient realization of the services of an advanced trust management model within current relational DBMSs. An important benefit of our approach lies in its potential for a robust end-to-end design of security for personal data in Web scenario, where vulnerabilities of Web applications cannot be used to violate the protection of the data residing on the database server. We also illustrate the implementation of our approach within an open-source DBMS discussing design choices and performance impact.<\/jats:p>","DOI":"10.1145\/2180861.2180863","type":"journal-article","created":{"date-parts":[[2012,6,1]],"date-time":"2012-06-01T15:51:28Z","timestamp":1338565888000},"page":"1-43","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["Integrating trust management and access control in data-intensive Web applications"],"prefix":"10.1145","volume":"6","author":[{"given":"Sabrina De Capitani Di","family":"Vimercati","sequence":"first","affiliation":[{"name":"DTI, Universit\u00e0 degli Studi di Milano, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sara","family":"Foresti","sequence":"additional","affiliation":[{"name":"DTI, Universit\u00e0 degli Studi di Milano, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sushil","family":"Jajodia","sequence":"additional","affiliation":[{"name":"CSIS, George Mason University, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stefano","family":"Paraboschi","sequence":"additional","affiliation":[{"name":"DIIMM, Universit\u00e0 degli Studi di Bergamo, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Giuseppe","family":"Psaila","sequence":"additional","affiliation":[{"name":"DIIMM, Universit\u00e0 degli Studi di Bergamo, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pierangela","family":"Samarati","sequence":"additional","affiliation":[{"name":"DTI, Universit\u00e0 degli Studi di Milano, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2012,6,4]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2005.64"},{"key":"e_1_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Blaze M. Feigenbaum J. Ioannidis J. and Keromytis A. 1999. The KeyNote trust management system (version 2). Internet RFC 2704. http:\/\/www.crypto.com\/papers\/rfc2704.txt.   Blaze M. Feigenbaum J. Ioannidis J. and Keromytis A. 1999. The KeyNote trust management system (version 2). Internet RFC 2704. http:\/\/www.crypto.com\/papers\/rfc2704.txt.","DOI":"10.17487\/rfc2704"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy. IEEE","author":"Blaze M.","key":"e_1_2_1_3_1","unstructured":"Blaze , M. , Feigenbaum , J. , and Lacy , J . 1996. Decentralized trust management . In Proceedings of the IEEE Symposium on Security and Privacy. IEEE , Los Alamitos, CA. Blaze, M., Feigenbaum, J., and Lacy, J. 1996. Decentralized trust management. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/603404.603407"},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the 6th International Workshop on Database Programming Languages.","author":"Bonner A.","year":"1997","unstructured":"Bonner , A. 1997 . Transaction datalog: A compositional language for transaction programming . In Proceedings of the 6th International Workshop on Database Programming Languages. Bonner, A. 1997. Transaction datalog: A compositional language for transaction programming. In Proceedings of the 6th International Workshop on Database Programming Languages."},{"volume-title":"Rethinking Public Key Infrastructure and Digital Certificates","author":"Brands S.","key":"e_1_2_1_6_1","unstructured":"Brands , S. 2000. Rethinking Public Key Infrastructure and Digital Certificates . MIT Press , Cambridge, MA . Brands, S. 2000. Rethinking Public Key Infrastructure and Digital Certificates. MIT Press, Cambridge, MA."},{"volume-title":"Proceedings of the 20th Annual International Conference on the Theory and Applications of Cryptographic Techniques.","author":"Camenisch J.","key":"e_1_2_1_7_1","unstructured":"Camenisch , J. and Lysyanskaya , A . 2001. An efficient system for non-transferable anonymous credentials with optional anonymity revocation . In Proceedings of the 20th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Camenisch, J. and Lysyanskaya, A. 2001. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In Proceedings of the 20th Annual International Conference on the Theory and Applications of Cryptographic Techniques."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/185827.185828"},{"volume-title":"Proceeding of the 23rd IEEE International Conference on Data Engineering. IEEE","author":"Chaudhuri S.","key":"e_1_2_1_9_1","unstructured":"Chaudhuri , S. , Dutta , T. , and Sudarshan , S . 2007. Fine-grained authorization through predicated grants . In Proceeding of the 23rd IEEE International Conference on Data Engineering. IEEE , Los Alamitos, CA. Chaudhuri, S., Dutta, T., and Sudarshan, S. 2007. Fine-grained authorization through predicated grants. In Proceeding of the 23rd IEEE International Conference on Data Engineering. IEEE, Los Alamitos, CA."},{"key":"e_1_2_1_10_1","volume-title":"REFEREE: Trust management for Web applications. World Wide Web J.l 2, 3, 127--139.","author":"Chu Y.","year":"1997","unstructured":"Chu , Y. , Feigenbaum , J. , Lamacchia , B. , Resnick , P. , and Strauss , M . 1997 . REFEREE: Trust management for Web applications. World Wide Web J.l 2, 3, 127--139. Chu, Y., Feigenbaum, J., Lamacchia, B., Resnick, P., and Strauss, M. 1997. REFEREE: Trust management for Web applications. World Wide Web J.l 2, 3, 127--139."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.5555\/512756.512758"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1229285.1229308"},{"key":"e_1_2_1_13_1","doi-asserted-by":"crossref","unstructured":"Dierks T. and Rescorla E. 2008. The transport layer security (TLS) protocol (version 1.2). Internet RFC 5246. http:\/\/tools.ietf.org\/rfc\/rfc5246.txt.  Dierks T. and Rescorla E. 2008. The transport layer security (TLS) protocol (version 1.2). Internet RFC 5246. http:\/\/tools.ietf.org\/rfc\/rfc5246.txt.","DOI":"10.17487\/rfc5246"},{"key":"e_1_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Ellison C. 1999. SPKI requirements. Internet RFC 2692. http:\/\/www.ietf.org\/rfc\/rfc2692.txt.   Ellison C. 1999. SPKI requirements. Internet RFC 2692. http:\/\/www.ietf.org\/rfc\/rfc2692.txt.","DOI":"10.17487\/rfc2692"},{"key":"e_1_2_1_15_1","doi-asserted-by":"crossref","unstructured":"Ellison C. Frantz B. Lampson B. Rivest R. Thomas B. and Lonen T. 1999. SPKI certificate theory. Internet RFC 2693. http:\/\/www.ietf.org\/rfc\/rfc2693.txt.   Ellison C. Frantz B. Lampson B. Rivest R. Thomas B. and Lonen T. 1999. SPKI certificate theory. Internet RFC 2693. http:\/\/www.ietf.org\/rfc\/rfc2693.txt.","DOI":"10.17487\/rfc2693"},{"key":"e_1_2_1_16_1","unstructured":"Freier A. O. Karlton P. and Kocher P. C. 1996. The SSL protocol (version 3.0). Netscape's final SSL3.0 draft. http:\/\/www.mozilla.org\/projects\/security\/pki\/nss\/ssl\/draft302.txt.  Freier A. O. Karlton P. and Kocher P. C. 1996. The SSL protocol (version 3.0). Netscape's final SSL3.0 draft. http:\/\/www.mozilla.org\/projects\/security\/pki\/nss\/ssl\/draft302.txt."},{"key":"e_1_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Housley R. Polk W. Ford W. and Solo D. 2002. Internet X.509 public key infrastructure certificate and CRL profile. Internet RFC 3280. http:\/\/www.ietf.org\/rfc\/rfc3280.txt.   Housley R. Polk W. Ford W. and Solo D. 2002. Internet X.509 public key infrastructure certificate and CRL profile. Internet RFC 3280. http:\/\/www.ietf.org\/rfc\/rfc3280.txt.","DOI":"10.17487\/rfc3280"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102128"},{"volume-title":"Database language SQL -- part 2: Foundation (SQL\/foundation)","year":"1999","key":"e_1_2_1_19_1","unstructured":"ISO. 1996. Database language SQL -- part 2: Foundation (SQL\/foundation) 1999 . ISO International Standard , ISO\/IEC9075. ISO. 1996. Database language SQL -- part 2: Foundation (SQL\/foundation) 1999. ISO International Standard, ISO\/IEC9075."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1142473.1142489"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1266840.1266856"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180422"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455518.1455520"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368310.1368343"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1330295.1330297"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102129"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1066100.1066103"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-005-0073-0"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.5555\/773065.773067"},{"key":"e_1_2_1_30_1","unstructured":"Lockhart H. Wisniewski T. Cantor S. Mishra P. and Lien J. 2007. Security assertion markup language (SAML) V2.0 tech. overview. OASIS working draft. http:\/\/www.oasisopen.org\/committees\/download.php\/22553\/sstc-saml-tech-overview-2200-draft-13.pdf.  Lockhart H. Wisniewski T. Cantor S. Mishra P. and Lien J. 2007. Security assertion markup language (SAML) V2.0 tech. overview. OASIS working draft. http:\/\/www.oasisopen.org\/committees\/download.php\/22553\/sstc-saml-tech-overview-2200-draft-13.pdf."},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/646480.693776"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1247480.1247596"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/359657.359659"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455808"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDEW.2007.4401061"},{"key":"e_1_2_1_36_1","unstructured":"Rivest R. and Lampson B. 1996. SDSI - A simple distributed security infrastructure. http:\/\/people.csail .mit.edu\/rivest\/sdsi10.html.  Rivest R. and Lampson B. 1996. SDSI - A simple distributed security infrastructure. http:\/\/people.csail .mit.edu\/rivest\/sdsi10.html."},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1063979.1064004"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.5555\/645914.671639"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1029133.1029140"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/11593980_10"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1178618.1178623"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.5555\/353686.353691"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2002.1067734"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352633"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy. IEEE","author":"Yu T.","key":"e_1_2_1_46_1","unstructured":"Yu , T. and Winslett , M . 2003. A unified scheme for resource protection in automated trust negotiation . In Proceedings of the IEEE Symposium on Security and Privacy. IEEE , Los Alamitos, CA. Yu, T. and Winslett, M. 2003. A unified scheme for resource protection in automated trust negotiation. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA."},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/501983.502004"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/605434.605435"}],"container-title":["ACM Transactions on the Web"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2180861.2180863","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2180861.2180863","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:54:21Z","timestamp":1750240461000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2180861.2180863"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,5]]},"references-count":48,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2012,5]]}},"alternative-id":["10.1145\/2180861.2180863"],"URL":"https:\/\/doi.org\/10.1145\/2180861.2180863","relation":{},"ISSN":["1559-1131","1559-114X"],"issn-type":[{"type":"print","value":"1559-1131"},{"type":"electronic","value":"1559-114X"}],"subject":[],"published":{"date-parts":[[2012,5]]},"assertion":[{"value":"2009-01-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2011-10-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2012-06-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}