Access Control Data Structure for Large Collections

IP.com Disclosure Number: IPCOM000106269D
Original Publication Date: 1993-Oct-01
Included in the Prior Art Database: 2005-Mar-20
Document File: 2 page(s) / 83K

Publishing Venue

IBM

Related People

Gladney, HM: AUTHOR

Abstract

There is a reluctance to entrust electronic documents to document/image libraries or object-oriented databases which do not have adequate access control. Prior schemes do not scale well to the collection sizes needed, and are not flexible enough for enterprise data bases.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

      The following are the key elements of data structures and
procedures for exploiting those structures to distribute control of
privileges throughout a large data collection and to a complex
organization.  The novel steps consist of including fields in a
database representing and describing objects, viz.,

1.  Storing all access control information which references objects
    as part of the object database itself, including anything that
    relates one object to another, thereby avoiding rules built into
    reference monitor programs which (are candidates to) become part
    of the operating system;

2.  Including as part of a catalog entry which is a point of control
    for each object (e.g., by being the only place which has the
    address of the object) the identity of or a pointer to an access
    control object;

3.  Including as part of a catalog entry which is a point of control
    for each object a means of selecting one of several reference
    monitor programs;

4.  Including in each such catalog entry object flags to indicate how
    the foregoing fields are interpreted (e.g., whether the access
    control field above refers to a subroutine or an object), and
    using this data and the contents of the foregoing fields for
    fast-path, special rule, or indirection mechanisms;

5.  Including as part of a catalog entry which is a point of control
    for each object a means of indicating whether...
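Items 1 to 4 above, sketched as an added example; this is not code from the disclosure. Every name in it (Entry, Flags, open_object, the monitor names, the principals and addresses) is hypothetical, and it assumes that "indirection" means the access control field names another catalog entry whose control applies.

```python
from dataclasses import dataclass
from enum import Flag, auto

class Flags(Flag):             # item 4: how the other fields are interpreted
    FAST_PATH_READ = auto()    # anyone may read; skip the lookup
    ROUTINE = auto()           # acl_ref names a subroutine, not an object
    INDIRECT = auto()          # acl_ref names another catalog entry (assumed)

@dataclass
class Entry:                   # catalog entry: the only holder of the address
    address: str
    acl_ref: str               # item 2: access control object, routine or entry
    monitor: str               # item 3: selects a reference monitor
    flags: Flags = Flags(0)

def default_monitor(db, entry, who, op, depth=0):
    if depth > 8:              # indirection loop: fail closed
        return False
    if Flags.FAST_PATH_READ in entry.flags and op == "read":
        return True
    if Flags.INDIRECT in entry.flags:
        target = db["catalog"].get(entry.acl_ref)
        return bool(target) and default_monitor(db, target, who, op, depth + 1)
    if Flags.ROUTINE in entry.flags:
        routine = db["routines"].get(entry.acl_ref)
        return bool(routine) and bool(routine(who, op))
    return op in db["acls"].get(entry.acl_ref, {}).get(who, set())

def read_only_monitor(db, entry, who, op):
    return op == "read" and default_monitor(db, entry, who, op)
MONITORS = {"default": default_monitor, "read_only": read_only_monitor}

def open_object(db, name, who, op):   # address is released only on "allow"
    entry = db["catalog"].get(name)
    monitor = MONITORS.get(entry.monitor) if entry else None
    if monitor is None or not monitor(db, entry, who, op):
        raise PermissionError(f"{who} may not {op} {name}")
    return entry.address

def sample_db():               # constructed data; item 1: all in one database
    return {"acls": {"acl-legal": {"alice": {"read", "write"}, "bob": {"read"}}},
            "routines": {"only-carol": lambda who, op: who == "carol" and op == "read"},
            "catalog": {
                "contract": Entry("vol1/0007", "acl-legal", "default"),
                "annex": Entry("vol1/0008", "contract", "default", Flags.INDIRECT),
                "archive": Entry("vol2/0001", "acl-legal", "read_only"),
                "memo": Entry("vol3/0002", "only-carol", "default", Flags.ROUTINE),
                "notice": Entry("vol3/0003", "", "default", Flags.FAST_PATH_READ),
            }}
```

Because the rules live in the database, changing who may open an object is a data update; an unknown monitor name, a dangling reference or a reference cycle all end in denial.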