Specifying and enforcing access control policies for XML document sources