Access Controls by Object-Oriented Concepts

Abstract

This paper introduces object-oriented access controls (OOAC) as a result of consequently applying the object-oriented paradigm for providing access controls in object and interoperable databases. OOAC includes: (1) subjects, like users, roles etc., are regarded as firstclass objects, (2) objects are accessed by sending messages, and (3) access controls deal with controlling the flow of messages among objects. OOAC are not intended to replace legacy access control mechanisms which mainly have been designed and applied in non-object environments. Instead, they provide the basis for applying these concepts in true object-oriented environments. An object authorization language (OAL) is proposed for specifying authorizations in a declarative manner. We illustrate the feasibility of the proposed concepts in applying them to IRO-DB II, an extension of the database federation IRO-DB, that provides interoperable access between relational and object-oriented database systems on the world-wide-w..