A model of authorization for object-oriented and semantic databases

This paper presents a formal model of authorization for use as the basis for an authorization mechanism in ORION, a prototype database system which directly supports the object-oriented paradigm and a number of semantic data modeling concepts. The model extends in two significant ways the existing models of authorization, which have been designed for database systems supporting the relational, network, or hierarchical models of data. First, it fully develops the concept of implicit authorization, introduced in an earlier paper [FERN75b], to help solve the storage requirement of representing all authorizations in a system by allowing the system to deduce authorizations from explicitly stored authorizations, and to provide a basis for detecting authorization definitions which conflict with existing authorizations. Second, it provides a formal basis for accommodating a number of modeling concepts which the existing models of authorization cannot address: the IS-PART-OF relationship between an object and its containing object, and versions of an object.