A conflict detection mechanism for authorization using intention types in object-oriented database systems

Abstract

Many object-oriented database systems have used the notion of implicit authorization to avoid the overhead caused by explicitly storing all authorizations for each object. In implicit authorization, it is very important to detect efficiently conflicts between existing authorizations and new authorizations to be added. In this article we propose a conflict detection mechanism in the OODBMSs using implicit authorization with the notion of intention type authorization. When Lye grant an authorization on a node n in the database granularity hierarchy, the existing method is inefficient in determining the conflicts since it needs to examine all authorizations on the descendants of the node n. In contrast, our mechanism has the advantage of detecting the conflicts at the node n where an explicit authorization is to be granted without examining any authorizations below the node n. Thus, the proposed mechanism can detect a conflict with the average time complexity of O(d), which is smaller than O(m(d)) of existing methods, where m is the number of children nodes at an arbitrary level and d is the difference of levels between the node with an existing explicit authorization and the higher node where an explicit authorization is to be granted. We also show that the additional storage overhead of storing all authorizations is negligible when compared with the total number of all explicit authorizations.