“…<!DOCTYPE patientrecords[ <!ELEMENT patientrecords(patient*)> <!ELEMENT patient(ssn,name,phone,age,race,diagnosis*)> <!ELEMENT ssn(#PCDATA)> <!ELEMENT name(#PCDATA)> <!ELEMENT phone(#PCDATA)> <!ELEMENT birthdate(#PCDATA)> <!ELEMENT race(#PCDATA)> <!ELEMENT diagnosis(date,physician,comment*,presecription*)> <!ELEMENT date(#PCDATA)> <!ELEMENT physician(#PCDATA)> <!ELEMENT comment(#PCDATA)> <!ELEMENT prescription(#PCDATA)> <!ELEMENT allergies(allergen* The RXACL architecture, introduced in Gowadia and Farkas (2003), provides flexible access control granularity by allowing security classification of XML nodes and subtrees (simple security objects), and associations among nodes (association security objects). In Gowadia and Farkas (2003) we proposed a technique to enforce association-based access control at data-level (i.e., check for security violation after query processing) and it is outside the scope of this paper.…”