Access Controls by Object-Oriented Concepts

This paper introduces object-oriented access controls (OOAC) as a result of consequently applying the object-oriented paradigm for providing access controls in object and interoperable databases. OOAC includes: (1) subjects, like users, roles etc., are regarded as firstclass objects, (2) objects are accessed by sending messages, and (3) access controls deal with controlling the flow of messages among objects. OOAC are not intended to replace legacy access control mechanisms which mainly have been designed and applied in non-object environments. Instead, they provide the basis for applying these concepts in true object-oriented environments. An object authorization language (OAL) is proposed for specifying authorizations in a declarative manner. We illustrate the feasibility of the proposed concepts in applying them to IRO-DB II, an extension of the database federation IRO-DB, that provides interoperable access between relational and object-oriented database systems on the world-wide-w..

Managing WWW Documents in Distributed Editorial Environments

Global on-line information services, such as provided by the World Wide Web (WWW) are an adequate and invaluable communication platform for tourist industry. The production of such electronic publications requires different information types to be handled and linked together in a sophisticated way. The task of hypermedia information handling even becomes more difficult if a group of people is working cooperatively on it. An application scenario for the production of WWW publications demonstrates how the HyDoMan Distributed Hypermedia Document Management System can be applied to cooperative development of hypermedia publication 1 . 1 Introduction The goal of this paper is to show the applicability of the HyDoMan Distributed Hypermedia Document Management System developed at our institute for the cooperative development of World Wide Web (WWW) publications for tourist information. Section 2 discusses why on-line information services are of importance for tourist industry. The princip..

The security API of IRO-DB

This paper describes the application programming interface (API) providing authorization and access control in IRO-DB. IRO-DB is an ODMB compliant federated database system supporting interoperable access between relational and object-oriented databases. The developed security API implements a federated, administrative, discretionary access control policy which is role-based but additionally supports ownership of data. Authorization rules can be positive as well as negative and use implied authorization for deriving implicit access from a set of explicit rules. The security API depicts a C++ class library maintaining security information (like authorization subjects, objects, and rules) and providing security mechanisms (like identification, authentication, authorization and access control). As a consequence of providing interoperable access by keeping the autonomy of participating component databases a mapping mechanism between the heterogeneous local security policies and the global ..

Authorization and Access Control in IRO-DB

The paper describes authorization and access control in the IRO-DB database system, a system supporting interoperable access between relational and object-oriented databases. The security policy developed is a federated, administrative discretionary access control policy which supports positive, negative, as well as implied authorization, includes a procedure for conflict resolution within the set of specified authorization rules, and concentrates on role-based security. 1 Introduction An increasing number of database applications need to work on data which are stored by using several different file systems or are spread over existing possibly heterogeneous databases. This has led to a lot of research and classifications in the field of heterogeneous database systems, database federations, multidatabases, and interoperable systems. A classification of federated database systems (FDBS) depending on the management of the federation is given in [15]. A federated database system (FDBS) co..

Authorization and Access Control in IRO-DB *)

The paper describes authorization and access control in the IRO-DB database system, a system supporting interoperable access between relational and object-oriented databases. The security policy developed is a federated, administrative discretionary access control policy which supports positive, negative, as well as implied authorization, includes a procedure for conflict resolution within the set of specified authorization rules, and concentrates on role-based security.