JP2001229067A - Structured document description data processing apparatus and structured document description data processing program recording medium - Google Patents

Abstract

(57) [Summary] [PROBLEMS] To provide a security function for each component of structured document description data in display and retrieval of structured document description data such as XML data. SOLUTION: An access right data storage unit 7 for storing access right information assigned to each component of structured document description data for each user or each terminal is provided. In response to the access request for the structured document, the structured document description data in the requested structured document is compared with the access right information, and access permission / inhibition is determined for each component. As a result, only the components permitted to be accessed in the display of the requested structured document are analyzed and displayed.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to an XML (Extensib)
le Markup Language) The present invention relates to a technology for displaying or searching structured document description data such as data. In particular, it specifies a user or a terminal that has made an access request and accesses each of the predefined components based on the information. The present invention relates to a structured document description data processing device and a structured document description data processing program recording medium for analyzing structured document description data according to rights.

[0002]

2. Description of the Related Art A typical structured document description language is SGML (Standard Generalized Markup Language).
e), HTML (Hyper Text Markup Language), XM
L and the like. Hereinafter, XML will be described as an example.

[0003] When displaying a structured document described in XML data, the XML data is analyzed based on definition information called DTD which defines each component (namely, tag) described in the XML data. The XML data is displayed. If there is no DTD, the display is performed using only the XML data. In this case, the display method of the XML data depends on a display system such as a Web browser.

In addition to the DTD, there is definition information called XSL which defines the size, color, and layout of a font used when displaying XML data. ) And analyzed and displayed by a display system such as a web browser.

[0005]

A feature of XML data is that its data structure is not uniquely determined. As long as the definition of the component (tag) called DTD is prepared, the user can freely define and display the component.

In the sense of security for XML data having such characteristics, conventionally, each XML
It was performed on the entire data, and no security was provided for each component. Further, when the definition of each component is changed according to the user, it is necessary to change the DTD.
The TD must be re-created, and the XML data must be analyzed and displayed, which is very inefficient.

[0007] The present invention solves the above-mentioned problems and analyzes structured document description data at the time of display or search in accordance with access right information previously given to each component. The purpose is to realize security against.

[0008]

According to the present invention, there is provided an access right for storing access right information given to each component of a structured document description data or an attribute or an attribute value of the component. A data storage unit is provided.
An access right analysis processing unit is also provided. The access right analysis processing unit collates the requested structured document description data with the access right information in response to an access request to the structured document description data, and Determine whether access is possible for each element. As a result, only the components permitted to be accessed in displaying the requested structured document description data are analyzed and displayed. As a result, security for each component of the structured document description data can be realized.

In response to a search request for structured document description data, the access right analysis processing section checks the structured document description data to be searched against the access right information, and determines whether or not access is possible for each component. Is determined, and only the components permitted to be accessed in the retrieval of the structured document description data requested are analyzed and retrieved.
As a result, a component whose access is prohibited can be excluded from the search target, and a user or terminal without access right can be made to appear as if the component does not exist.

[0010] The access right information is set for a user (or a user group; hereinafter the same) accessing the structured document description data, and the access right analysis processing unit determines only the components to which the user is permitted to access. Parse and search or display. Thus, a structured document in a different form can be shown to a user who is permitted to access and a user who is not permitted to access.

[0011] Alternatively, the access right information may be a terminal (or terminal group;
The same applies to the following), and the access right analysis processing unit analyzes and searches or displays only components that are permitted only when the user accesses from a specific terminal. Thus, for example, when a user accesses from an in-house terminal, a component part of a structured document important for security is transmitted, and when a user accesses from a terminal outside the company, a structured document important for security is transmitted. Can be transmitted.

[0012] Further, information regarding a processing method for each component of the structured document description data or an attribute or attribute value of the component is provided as access right information, and the processing method specified by the access right information is assigned to the corresponding component. On the basis of this, processing such as analysis, search, data editing / processing, and display can be performed. This makes it possible to present a specific component in various display forms in response to an access request from a specific user or a specific terminal.

A program for realizing each of the above processing means by a computer can be stored in an appropriate recording medium such as a computer-readable portable medium memory, a semiconductor memory, and a hard disk.

[0014]

FIG. 1 is a diagram showing a configuration example of the present invention. The XML data storage unit 1 stores XML data describing a structured document. The DTD data storage unit 2
Stores data describing the definition of the components (tags) of the XML data. The XSL data storage unit 3 stores definition information of a display method (font, layout information, and the like) of XML data.

The XML parser 4 analyzes the components in the XML data and checks whether the definition of the components is correctly described according to the DTD. The client discrimination processing unit 5 is configured such that the user
When the user accesses the XML data stored in the user ID, a user ID for identifying the user and a terminal ID for identifying the terminal (client terminal 12) used by the user are specified. As the terminal ID, for example, an IP address or the like can be used. The access right analysis processing unit 6 determines whether or not there is an access right to a component and a processing method. The access right data storage unit 7 stores information on users and terminals that can access the components in the DTD stored in the DTD data storage unit 2 and the user or the attribute or attribute value of each component or the component. And information that describes a different processing method for each terminal.

The XML data transmitting section 8 transmits only the XML data permitted to be accessed to the access request source. The processing control unit 9 is a part that controls the entire processing. The search engine unit 10 is a module that accesses the XML data storage unit 1 in response to a structured document search request and searches for the requested structured document. Since various types of structured document search methods by the search engine unit 10 are conventionally known, detailed description of a general search method is omitted here.

The XML data storage server 11 is a server in which XML data is stored, and stores XML, DTD,
It has respective processing units 4 to 10 for accessing and retrieving data such as XSL and the like. The client terminal 12 has a display system such as a Web browser or a viewer for accessing the XML data in the XML data storage server 11 and acquiring and displaying the XML data.

A user using this system registers a user ID and a password in the access right data storage unit 7 in advance. Also, the XML data storage server 11
The administrator sets the user and the terminal that can access each component defined in the DTD data in the DTD data storage unit 2 in the access right data storage unit 7 in advance. The processing method of each component is stored in the access right storage unit 7 for each user and each terminal.

When a certain user operates the XML data storage server 1
1 accesses the XML data managed by the client terminal 12 from the client terminal 12, the XML data storage server 11, under the control of the entire processing control unit 9, uses the component ( Tag). Further, the access right analysis processing unit 6
Then, the used component (tag) is compared with the access right information registered in the access right data storage unit 7. Here, when it is necessary to specify the user and the terminal, the user and the terminal are specified by the client determination processing unit 5, and the input of the user ID and the password is prompted as needed.

In this manner, the XML data analyzed by the access right analysis processing unit 6 according to the access right information set in advance is transmitted to the client terminal 12 by the XML data transmission unit 8. Hereinafter, embodiments of the present invention will be described with reference to specific examples.

[First Embodiment] FIG. 2 is a diagram for explaining a first embodiment of the present invention.

It is assumed that users A and B access the XML data X1 managed by the XML data storage server 11 (FIG. 2). At this time, the DTD data D1 is defined in the XML data X1, and the XML parser 4 analyzes the components from the XML data X1 and the DTD data D1 and checks the consistency of the definition (FIG. 2).

Thereafter, the access right analysis unit 6 compares the analysis result of the component with the access right data AC1 registered in the access right data storage unit 7 in advance to analyze the access right of the component (see FIG. 2). 2). The access right data AC1 is composed of, for example, a set of a component (eg, tag name), a user ID, a password (PW), and a processing method. Here, access right data A
It is assumed that “<limit1> user A PW processing method” has been registered as C1. That is, access right data A
As C1, a component (limit1), an accessible user (A), and a processing method are defined.

Thus, the client discriminating unit 5 prompts the user to input a user ID and a password.
For 1>, an authentication process using a user ID and a password (PW) is performed (FIG. 2). As a result of the authentication, if the access is permitted, XML data including the component <limit1> is created as display data (FIG. 2), and the XML data is transmitted via the XML data transmission unit 8 (FIG. 2). of). If access is not possible, XML data is created by removing the component <limit1> (FIG. 2), and
The data is transmitted via the data transmission unit 8 (of FIG. 2).

In this example, as a result of analyzing the component <limit1>, the user A is permitted to access the component <limit1> and the user B is not permitted to access the component <limit1>. For <limit1>, the component (tag) portion is displayed.
The component (tag) part of it1> will not be displayed.

FIG. 3 is a flowchart in the case where the access right analysis processing unit 6 checks the access right for each user when displaying XML data.

The access right analyzing unit 6 acquires the tag T analyzed by the XML parser 4 (step S1). Next, it is checked whether or not the acquired tag T exists in a table of the access right data storage unit 7 (hereinafter, referred to as an access right data table) (step S2). If it does not exist in the access right data table, step S
In step 3, the tag T is analyzed according to the DTD defined in the DTD data storage unit 2, and if XSL is defined in the XSL data storage unit 3, display data is created according to the style. Thereafter, a request is sent to the XML data transmission unit 8 to transmit the created display data (step S1).
1).

When the tag T exists in the access right data table, the client ID
Request to acquire a password (step S4). As a result, if the user ID and the password are received from the client determination processing unit 5 (step S5), it is checked whether or not the combination of the tag T and the acquired user ID exists in the access right data table (step S5).
6). If there is, it is further checked whether the user ID and the password are correct based on the registration information in the access right data table (step S7). If it is correct, the process proceeds to step S8, and if the combination of the tag T and the user ID does not exist in the access right data table,
Or if the user ID and password are incorrect,
Proceed to step S9.

In step S8, the components of the tag T are processed according to the processing method in the access right data table. After that, the tag T is analyzed according to the DTD defined in the DTD data storage unit 2, and if XSL is defined in the XSL data storage unit 3, display data is created according to the style. Sending the display data
Request is made to the L data transmission unit 8 (step S11).

In step S9, it is checked whether a processing method when no combination exists in the access right data table (hereinafter referred to as "others processing method") is defined. If not, step S3 is performed. Proceed to. If defined, its Other
In accordance with the processing method of s, the components of the tag T are processed, the tag T is analyzed in accordance with the DTD defined in the DTD data storage unit 2, and further, if XSL is defined in the XSL data storage unit 3, according to the style. Display data is created (step S10). Send the display data to X
It requests the ML data transmission unit 8 (step S11).

[Second Embodiment] FIG. 4 is a diagram for explaining a second embodiment of the present invention.

It is assumed that the same user A accesses the XML data X2 managed by the XML data storage server 11 from different terminals a and b (FIG. 4). At this time, the DTD data D2 is defined in the XML data X2, and the XML parser 4 outputs the XML data X2 and the DT
From the D data D2, the components are analyzed and the definition consistency is checked (FIG. 4).

Thereafter, the access right analysis unit 6 compares the analysis result of the component with the access right data AC2 registered in the access right data storage unit 7 in advance in order to analyze the access right of the component (see FIG. 2). 4). The access right data AC2 includes, for example, a set of a component, a terminal ID such as a terminal address, and a processing method. Here, as the access right data AC2, “<lim
it2> terminal a processing method "has been registered. That is, as the access right data AC2, the component <lim
It2>, an accessible terminal (a) and a processing method are defined.

As a result, the client determination processing section 5 specifies the terminal (FIG. 4). As a result of identifying and authenticating the terminal, if access is permitted, XML data including the component <limit2> is created as display data (FIG. 4), and the XML data is transmitted via the XML data transmission unit 8. Transmit (of FIG. 4). If the access is not possible, the XML data with the component <limit2> removed is created (FIG. 4) and transmitted via the XML data transmission unit 8 (FIG. 4).

In this example, as a result of analyzing the component <limit2>, the terminal a is permitted to access the component <limit2> and the terminal b is not permitted to access the terminal a. Is the component (tag) of <limit2>
Portion is displayed, and the component (tag) portion of <limit2> is not displayed for the terminal b.

FIG. 5 is a flowchart when the access right analysis processing unit 6 checks the access right on a terminal basis when displaying XML data.

The access right analysis unit 6 acquires the tag T analyzed by the XML parser 4 (step S21). Next, it is checked whether or not the acquired tag T exists in the access right data table of the access right data storage 7 (step S22). If the tag does not exist in the access right data table, the process proceeds to step S23,
Analysis is performed according to the DTD defined in the TD data storage unit 2, and if XSL is defined in the XSL data storage unit 3, display data is created according to the style.
After that, it requests the XML data transmission unit 8 to transmit the created display data (step S30).

If the tag T exists in the access right data table, the client identification processing unit 5 is requested to acquire a terminal ID (step S24). As a result, if the terminal ID is received from the client determination processing unit 5 (step S25), it is checked whether or not the combination of the tag T and the acquired terminal ID exists in the access right data table (step S26). If there is, the process proceeds to step S27, where the components of the tag T are processed according to the processing method in the access right data table. After that, the tag T is analyzed according to the DTD defined in the DTD data storage unit 2, and if XSL is defined in the XSL data storage unit 3, display data is created according to the style. Send the display data to X
It requests the ML data transmission unit 8 (step S30).

If there is no combination of the tag T and the terminal ID, the process proceeds to step S28, and in step S28,
It is checked whether the processing method of Others when the combination does not exist in the access right data table is defined. If not defined, step S
Proceed to 23. If defined, the components of the tag T are processed according to the processing method of Others, and the tag T is
Analysis is performed according to the DTD defined in the TD data storage unit 2, and if XSL is defined in the XSL data storage unit 3, display data is created according to the style.
The transmission of the display data is requested to the XML data transmission unit 8 (step S30).

[Third Embodiment] FIG. 6 is a diagram for explaining a third embodiment of the present invention.

The user A and the user B receive the XML data X1,..., Xi, managed by the XML data storage server 11.
Suppose that a search request is issued to Xn. The processing control unit 9 requests the search engine unit 10 for a search process (see FIG. 6).
of). The search engine unit 10 starts a search process (of FIG. 6) and requests the XML parser 4 to analyze the XML data Xi stored in the XML data storage unit 1. The XML parser 4 analyzes the XML data Xi (of FIG. 6),
The access right analysis unit 6 is requested to analyze the access right to the components defined in the DTD data Di attached to the ML data Xi.

The access right analysis unit 6 compares the component with the access right data AC3 registered in the access right data storage unit 7 in advance, and analyzes the access right of the component (FIG. 6). Access right data AC
3 is, for example, a component, a user ID, and a password (P
W), a set of processing methods. Here, as the access right data AC3, “<limit3> user A PW
It is assumed that "processing method" has been registered.

The client discriminating unit 5 sends the user ID in advance or in response to a request from the access right analyzing unit 6.
It prompts the user to enter D and a password, and performs user authentication processing to identify the user (FIG. 6). According to this result,
The access right analysis processing unit 6 determines whether the specified user can access the component <limit3> and notifies the XML parser 4 of the access right. The XML parser 4 notifies the search engine 10 of this fact.

In this example, as a result of analyzing the component <limit3>, the user A is permitted to access the component <limit3>, and the user B is not permitted to access. Therefore, the search engine unit 10 executes a search process for the user A with all of the elements (tags) including the <limit3> components as search targets, and executes the <limit3> Search is performed excluding the (tag) part from the search target. The result of executing the search in this manner is transmitted to the users A and B (FIG. 6).

FIG. 7 is a flowchart in the case where the access right analysis processing unit 6 checks the access right for each user at the time of retrieving XML data.

The access right analysis unit 6 acquires the tag T analyzed by the XML parser 4 (step S31). Next, it is checked whether the acquired tag T exists in the access right data table of the access right data storage unit 7 (step S32). If it does not exist in the access right data table, the flow advances to step S33 to create search processing request information in the tag T, and the flow advances to step S41.

When the tag T exists in the access right data table, the user ID,
Request to obtain a password (step S34). As a result, if the user ID and the password are received from the client determination processing unit 5 (step S35), it is checked whether or not the combination of the tag T and the acquired user ID exists in the access right data table (step S35).
36). If it exists, it is further checked whether the user ID and the password are correct based on the registration information in the access right data table (step S37). If it is correct, the process proceeds to step S38. If the combination of the tag T and the user ID does not exist in the access right data table, or if the user ID and the password are incorrect, the process proceeds to step S39.

In step S38, search processing request information in the tag T is created according to the processing method in the access right data table, and the flow advances to step S41.

In step S39, when the combination does not exist in the access right data table, the Oth
It is checked whether or not the processing method of ers is defined, and if not, the process proceeds to step S33. If defined, follow the processing method of Others,
Create search processing request information in the tag T (step S4
0), and proceed to step S41.

In step S41, steps S33, S
Based on the search request information created in S38 or S40, the search engine unit 10 is requested to search the data in the tag.

[Fourth Embodiment] FIG. 8 is a diagram for explaining a fourth embodiment of the present invention.

It is assumed that the same user A issues a search request for XML data X1,..., Xi,..., Xn managed by the XML data storage server 11 from different terminals a and b. The processing control unit 9 requests the search engine unit 10 to perform a search process (of FIG. 8). The search engine unit 10
The search processing is started (of FIG. 8), and the XML data storage unit 1
Analysis of the XML data Xi stored in the XML parser 4
To ask. The XML parser 4 analyzes the XML data Xi (of FIG. 8), and a DTD attached to the XML data Xi.
The access right analysis unit 6 is requested to analyze the access right to the component defined in the data Di.

The access right analysis unit 6 compares the component with the access right data AC4 registered in the access right data storage unit 7 in advance, and analyzes the access right of the component (FIG. 8). Access right data AC
4 is composed of a set of components, terminal ID such as terminal address, and processing method. Here, it is assumed that “<limit4> terminal a processing method” has been registered as the access right data AC2. That is, the access right data AC
As 2, the terminal <a> that can access the component <limit4>, and the processing method are defined.

The client determination processing unit 5 specifies a terminal in advance or in response to a request from the access right analysis processing unit 6 (FIG. 8). Based on the result, the access right analysis processing unit 6 determines the component <limit4> of the specified user.
Is determined, and the XML parser 4 is notified. The XML parser 4 notifies the search engine 10
Notify.

In this example, as a result of analyzing the component <limit4>, the terminal a is permitted to access the component <limit4>, and the terminal b is not permitted to access. Therefore, the search engine unit 10 executes a search process for the terminal a with all elements including the <limit4> component (tag) as a search target, and executes the <l
Search by excluding the component (tag) part of imit4> from the search target. The result of executing the search in this manner is transmitted to the terminal a and the terminal b (FIG. 8).

FIG. 9 is a flowchart in the case where the access right analysis processing unit 6 checks the access right on a terminal basis when searching for XML data.

The access right analysis unit 6 acquires the tag T analyzed by the XML parser 4 (step S51). Next, it is checked whether the acquired tag T exists in the access right data table of the access right data storage unit 7 (step S52). If it does not exist in the access right data table, the flow advances to step S53 to create search processing request information in the tag T, and the flow advances to step S60.

If the tag T exists in the access right data table, the client identification processing unit 5 is requested to acquire a terminal ID (step S54). As a result, when the terminal ID is received from the client determination processing unit 5 (step S55), it is checked whether or not a combination of the tag T and the acquired terminal ID exists in the access right data table (step S56). If it exists, the process proceeds to step S57. In step S57, search processing request information in the tag T is created according to the processing method in the access right data table, and the process proceeds to step S60.

If the combination of the tag T and the terminal ID does not exist, the process proceeds to step S58, and in step S58,
It is checked whether the processing method of Others when the combination does not exist in the access right data table is defined. If not defined, step S
Go to 53. If defined, search processing request information in the tag T is created in accordance with the processing method of Others (step S59), and the process proceeds to step S60.

At step S60, steps S53, S
Based on the search processing request information created in 57 or S59, the search engine unit 10 is requested to search the data in the tag.

[Other Embodiments] In the above embodiment, an example in which the access right is checked on a user basis and an example in which the access right is checked on a terminal basis are described separately. It is also possible to combine the check with the access right check for each terminal and execute the processing related to the access right for each user and the access right for each terminal in accordance with the components.

Although the access right is determined for each component (tag), the access right may be determined based on the attribute or attribute value (atribute) of the component in the XML data.

In the analysis of the access rights of the components in the third and fourth embodiments, the normal search processing is performed, and then the access to the components used in the XML data of the search result is performed. It is possible to judge whether or not access is possible and to edit the search results again according to whether or not access is possible. Also, by analyzing the search conditions before searching for data, the result of determining whether or not access to each component is possible in advance Can be further added as a search condition, and a search can be performed in such a manner that the inaccessible components are not searched by the search condition.

The identification and authentication of the user or the terminal may be performed when necessary for analyzing the access right, or may be performed in advance. For user authentication, existing encryption technology can be used.

Further, regarding the setting of the access right data, a method of setting from a separately prepared tool or the like can be considered. In addition, the access right data can be implemented by using a separate database or using a normal text file.

[Example of Access Right Data Table] FIG.
Shows an example of an access right data table used when checking the access right on a user basis. In the example of FIG. 10A, “display” /
There are four types of processing methods: "do not display" / "display in Japanese" / "display in English". When “display in English” is specified as the processing method, the data in the tag is translated into English and displayed for the corresponding user. In addition, various processing methods can be used.

For example, when the user whose user ID is Taro uses the Title tag, the user authentication and the password “abcd999” are checked. If the result is correct, the data in the Title tag is
It will be displayed in Japanese. User ID is Geor
In the case of “ge”, the user authentication and the password “efgh9
99 ”is checked, and if the result is correct, Ti
The data in the tel tag is translated and displayed in English. For other users (Others), Title
Not displayed for tag data.

[0068] Information obtained by grouping a plurality of users may be registered in the access right data table.
FIG. 10B shows an example thereof. The access right data table shown in FIG. 10B includes a tag name and a group ID.
A table having information on the correspondence between the group and the processing method,
It is composed of a table having correspondence information between D and user ID, and a table having correspondence information between user ID and password.

When the user ID is “Taro”, “Jiro”
User belongs to a group having a group ID of "Japanese", and a user having a user ID of "George" belongs to a group having a group ID of "American". For example, if a user whose user ID is Taro uses a Title tag, the user ID
Based on the correspondence table between D and the password, the user authentication and the password “abcd999” are checked.
Since Taro belongs to the Japanese group, "display in Japanese" is selected as the processing method. As a result, the data in the Title tag is displayed in Japanese. Similarly, if the user ID is G
In the case of George, after the user authentication and password check, George is in the American group, so the processing method is "display in English".
Is selected, and the data in the Title tag is translated and displayed in English.

FIG. 11 shows an example of an access right data table used when checking the access right for each user, and has a function combining the tables of FIG. 10A and FIG. 10B.

The access right data table includes a table having correspondence information between tag names, code IDs (Code IDs) and processing methods, a table having correspondence information between code IDs and group IDs, a code ID and a user ID. , A table having correspondence information between group IDs and user IDs, and a table having correspondence information between user IDs and passwords.

For example, when the user whose user ID is Taro uses the Title tag, the user authentication and the password “abcd999” are checked based on the correspondence table between the user ID and the password, and Taro is checked.
Belongs to the group of Japanes and Japanes
Since the code ID of e is "3", "display in Japanese" is selected as the processing method for the Title tag.

When the user whose user ID is Taro uses the chapter tag, "not displayed" is selected as the processing method for the chapter tag because the code ID of Taro is "6".

FIG. 12 shows an example of an access right data table used when checking the access right on a terminal basis. In the case of the table configuration of FIG. 12A, for example, a terminal whose terminal ID is pc0001 is a Title
When the tag is used, the data in the Title tag is displayed in Japanese depending on the specification of the terminal. In the case of the table configuration of FIG. 12B, information in which a plurality of terminals are grouped by a group ID is registered in an access right data table, and when a terminal having a terminal ID pc0001 uses a Title tag, p
It is detected that the terminal of c0001 belongs to the terminal group of Japanese, and as a result, the data in the Title tag is displayed in Japanese.

FIG. 13 shows an example of an access right data table used for checking the access right on a terminal basis, and has a function combining the tables of FIG. 12 (A) and FIG. 12 (B).

The access right data table includes a table having correspondence information between a tag name, a code ID (CodeID), and a processing method, a table having correspondence information between a code ID and a group ID, a code ID, a terminal ID, and the like. And a table having correspondence information between group IDs and terminal IDs.

For example, when the terminal whose terminal ID is pc0001 uses the Title tag, the terminal of pc0001 belongs to the group of Japanese, and
Since the code ID of “se” is “3”, Title
“Display in Japanese” is selected as the processing method for the tag.

When the terminal whose terminal ID is pc0001 uses the chapter tag, the code ID of the terminal of pc0001 is "6".
"Not display" is selected as the processing method for the er tag.

Note that a password may be provided for the access right data table for each terminal in the same manner as for the user. Further, for example, by using both the tables shown in FIGS. 10 and 12 or the tables shown in FIGS. 11 and 13, it is possible to simultaneously perform the access right check for each user and the access right for each terminal.

FIG. 14A shows the D used for each user.
An example of an access right data table used when switching between TD and XSL is shown. For example, in the access right data table described with reference to FIG.
TD and XSL information are added. Only the definition of either DTD or XSL may be used.

For example, when the user whose user ID is Taro uses the Title tag, “display in Japanese” is selected as the processing method by the above-described table search, and the data in the Title tag is written in Japanese. At this time, the DTD of “DTD1” and the “XSL1” are displayed with respect to the user ID of Taro.
Since it is set to use XSL, Tar
For the user ID of “o”, “D
DTD data of “TD1” is used, and “XSL1”
The display method is selected according to the XSL data.

FIG. 14B shows the DT used for each terminal.
An example of an access right data table used when switching between D and XSL is shown. For example, in the access right data table described with reference to FIG. 12B, a table in which DTD and XSL information used as information is added to each terminal ID is provided.

For example, when the terminal whose terminal ID is pc0001 uses the Title tag, “display in Japanese” is selected as the processing method by the table search described above, and the data in the Title tag is expressed in Japanese. At this time, the DTD of "DTD1" and the "XSL
Since it is set to use XSL of 1 ", p
For the terminal ID of c0001, the DTD data of “DTD1” is used for the analysis of the XML data,
The display method is selected according to the XSL data of SL1 ″.

[Display Example of XML Data] FIG.
XM to be accessed stored in the L data storage unit 1
16 illustrates an example of L data, FIG. 16 illustrates an example of DTD data stored in the DTD data storage unit 2, and FIG. 17 illustrates an example of XSL data stored in the XSL data storage unit 3.

As shown in FIG. 15, for example, the XML data is described with a tag surrounded by “<” and “>” as a component. As shown in FIG. 16, the definition of tags such as parent-child relationship used in the XML data is DTD.
Described as data. In the DTD, for example,
It is described that <constitution> is composed of the components <head>, <preamble>, and <chapter *>. XSL
The data is, for example, a description as shown in FIG.
For a tag defined by DTD data, a display method such as font and layout is specified.

FIGS. 18 and 19 show the XM shown in FIG.
5 shows a display example of L data. The display example of FIG. 18 is an example in which the XML data shown in FIG. 15 is displayed for a user or a terminal permitted to access all the components. On the other hand, FIG. 19 is a display example of XML data for a user or a terminal that is not permitted to access the components of <article>.
Only <title> is displayed, and the content of <article> is not displayed.

Thus, for the same XML data,
With a simple mechanism based on the setting information in the access right data storage 7, different displays can be realized for each user or terminal.

[0088]

As described above, according to the present invention,
Security can be applied to each part in structured document description data such as XML data for each user or terminal, and data displayed when different users access the same structured document description data can be obtained. , User (including user group). In addition, the displayed data can be changed depending on the terminal from which to access. For example, when accessing via the Internet where there is a concern about information leakage, or in the company where there is no concern about information leakage It is also possible to change the display method in the case of the access.

In any case, since the transmitting side of the structured document description data creates the display data according to the access right, a person who cannot access a part of the data is aware of the existence of the intentionally hidden data. Never.

It is also possible to easily change the processing of the constituent elements (tags) for each user. For a certain user, it is translated into another language and displayed, or a part of the data is painted in black. Processing such as display is also possible.

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration example of the present invention.

FIG. 2 is a diagram illustrating a first embodiment of the present invention.

FIG. 3 is a flowchart of an access right analysis processing unit.

FIG. 4 is a diagram illustrating a second embodiment of the present invention.

FIG. 5 is a flowchart of an access right analysis processing unit.

FIG. 6 is a diagram illustrating a third embodiment of the present invention.

FIG. 7 is a flowchart of an access right analysis processing unit.

FIG. 8 is a diagram illustrating a fourth embodiment of the present invention.

FIG. 9 is a flowchart of an access right analysis processing unit.

FIG. 10 is a diagram illustrating an example of an access right data table.

FIG. 11 is a diagram illustrating an example of an access right data table.

FIG. 12 is a diagram illustrating an example of an access right data table.

FIG. 13 is a diagram illustrating an example of an access right data table.

FIG. 14 is a diagram illustrating an example of an access right data table.

FIG. 15 is a diagram illustrating an example of XML data.

FIG. 16 is a diagram illustrating an example of DTD data.

FIG. 17 is a diagram illustrating an example of XSL data.

FIG. 18 is a diagram illustrating a display example of XML data.

FIG. 19 is a diagram illustrating a display example of XML data.

[Explanation of symbols]

 REFERENCE SIGNS LIST 1 XML data storage unit 2 DTD data storage unit 3 XSL data storage unit 4 XML parser 5 client determination processing unit 6 access right analysis processing unit 7 access right data storage unit 8 XML data transmission unit 9 processing control unit 10 search engine unit 11 XML Data storage server 12 Client terminal

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G06F 15/40 320B 340 F-term (Reference) 5B009 NA06 VA11 VC01 5B017 AA07 BA05 BA06 BB06 CA16 5B075 KK07 KK13 KK43 KK54 KK63 ND16 ND35 UU40 5B082 AA11 BA00 EA11 EA12 GA11 GC04

Claims (6)

[Claims] An apparatus for displaying a document described by structured document description data stores access right information given to each component of the structured document description data or an attribute or attribute value of the component. An access right data storage unit, and an access right analysis for collating the requested structured document description data with the access right information in response to an access request for the structured document description data, and determining whether or not access is possible for each component. A structured document description data processing device, comprising: a processing unit for extracting and processing only the components permitted to access in the requested structured document description data. 2. An apparatus for retrieving a document described by structured document description data, wherein each component of the structured document description data or the access right information assigned to the attribute or attribute value of the component is stored. An access right data storage unit, an access right for collating the structured document description data to be searched with the access right information in response to a search request for the structured document description data, and determining whether or not access is possible for each component; A structured document description data processing device, comprising: an analysis processing unit, wherein a search is performed for only the components permitted to access in the requested structured document description data search. 3. The structured document description data processing device according to claim 1, wherein the access right information is set for a user or a terminal accessing the structured document description data or a group thereof. Information that is analyzed and searched or displayed for only those components that the user or group is allowed to access, or only those components that are allowed only when the user or group is accessed from a particular terminal or terminal group A structured document description data processing device. 4. The structured document description data processing device according to claim 1, wherein the access right information is for each component of the structured document description data or an attribute or attribute value of the component. A structured document description data processing device having information on a processing method, and performing processing based on a processing method specified by the access right information for a corresponding component. 5. A recording medium storing a program for realizing, by a computer, a device for displaying a document described by structured document description data, wherein each component of the structured document description data or an attribute of the component is recorded. Alternatively, by referring to an access right data storage unit that stores access right information assigned to attribute values, in response to an access request for structured document description data, the requested structured document description data and the access right information A program for causing a computer to execute a process of determining whether or not access is possible for each component by comparing the components with each other and extracting and outputting only components for which access is permitted in the requested structured document description data A recording medium for a structured document description data processing program, characterized in that: 6. A recording medium storing a program for realizing, by a computer, a device for displaying a document described by structured document description data, wherein each component of the structured document description data or an attribute of the component is recorded. Alternatively, referring to an access right data storage unit that stores access right information assigned to attribute values, in response to a search request for structured document description data, structured document description data to be searched and the access right information A program that causes a computer to execute a process of determining whether or not access is possible for each component by comparing with a component and searching only the components for which access is permitted in the search of the requested structured document description data is performed. A structured document description data processing program recording medium characterized by being recorded.