Implicit authorization reduces the overhead of specifying authorizations in a database organized in a hierarchy by implicitly granting authorization to descendents of a node to which authorization is explicitly specified. When using implicit authorizations, however, it is critical to efficiently detect a conflict between implicit authorizations derived from high level nodes and explicit authorizations specified in descendant nodes. In implicit authorization, it is important to detect conflicts efficiently between existing authorizations and newly added ones. However, in previous mechanisms, detecting conflicts are complicated by examining the authorizations that exist in all of the descendants of the node explicitly authorized. This problem becomes significant in object-oriented databases, which contain various types of complex hierarchies of objects.
In this dissertation, we propose a new notion of intention type authorization. We then propose an efficient conflict detection mechanism using implicit authorization. An intention type authorization is a special type of authorization given to the ancestors of a node that has explicit authorization. It behaves as a tag indicating the existence of an explicit authorization in the descendents, thus enabling the detection of any conflicts immediately at the node where an authorization is being granted. We show that intention type authorization improves the exponential order of complexity of previous mechanisms of granting authorization to the linear order. We also show that additional storage overhead for intention type authorization is negligible.
We show the usefulness of intention type authorization by appling the notion to the three kinds of hierarchies that exist in object-oriented databases: 1) the database granularity hierarchy that spans from the level of a system to that of instances, 2) the class composition hierarchy based on the relationships of composite objects, and 3) the class inheritance hierarchy based on the property of inheritance among classes.
We believe that the idea of intention type authorization provides new insights into the implicit authorization mechanism in object-oriented database systems.