An approach to authorization modeling in object-oriented database systems

摘要

Authorization is an important functionality that every data management system should provide. An authorization mechanism allows different access rights on data items to be selectively assigned to users. Authorization models and mechanisms have been widely investigated in the framework of traditional database systems. The extension of those models and mechanisms to advanced data management systems is quite complex, because those systems are characterized by data models with a larger number of semantic constructs than traditional models, like the relational one. A first authorization model defined for object-oriented (and semantic) database systems has been presented in [20]. In this paper we present an authorization model that substantially extends and revises that model. The most significant extension concerns the support for content-dependent authorization, which was not provided in [20]. Content-dependent authorization is very important in providing an authorization mechanism able to directly support authorization policies of application environments. Moreover, it is a crucial functionality in environments where data objects frequently change their status. In addition, the model presented here differs from the model defined in [20] in that new authorization types are introduced and a finer control of versions is provided. Finally, authorization administration of objects is considered.