JTC1 SC32N1645. Report on: Database Futures Study Group & Database Security Study Group. Clearwater, Fl Feb 5-8 2007. Outline. Purpose of this presentation (only a brief comment on the SQL Security SG. Covered elsewhere in Japanese Papers & Presentation)
JTC1 SC32N1645 Report on: Database Futures Study Group & Database Security Study Group. Clearwater, Fl Feb 5-8 2007
Outline
• Purpose of this presentation (only a brief comment on the SQL Security SG. Covered elsewhere in Japanese Papers & Presentation)
• Background & Targets of the study groups
• Presentations, activities at SG meeting
• Outcomes
• What’s next? – options and discussion starters
• Note – slides from materials to the SG meeting are used in this presentation
Background
• 2005 SC32 – Berlin SC32N____
• 2006 SC32 – Kobe – SC32 N1451, N1452
• 2006 SC32 – Tutorials (Bargmeyer, Melton)
• 2006 SQL Security proposals - Japan
Note: Well-known, older areas of demand, like temporal, embedded transaction, replication, were not addressed in this meeting
From Tutorials @ SC32 2006 (technology developments & research activity)
Participants and Topics
• 16 Participants from 6 Countries – Australia, Canada, Korea, Japan, UK, USA
• 8 Presentations. Requirements from metadata systems, rich semantic structures, RDF and Graph Query Languages, MDR, MFI, concepts systems
• Database Security Framework/Context (… and papers from Japan)
References/Materials
• SQL/XML
• Potential Directions
• The Graph Query Language: Towards Unification of approaches
• Database requirements Metamodel Framework for Interoperability
• MDR for the Semantic Web: Supporting Ontology Concept
• Query Language for MDR and XMDL
• Towards Semantic Oriented Database - Metadata and Ontology -
• Querying across Relational and XML data
• Taking Stock – links to other Standards Activities (W3C, OMG, …)
• Article: Link Mining Applications: Progress and Challenges – Ted E Senator
• Draft DB Security Framework/Context
• 4 SQL Security Papers
Purpose: Database Standards SG SC32 N1541
Expected Outcome
• The workshop would provide input to existing SC32 projects and may provide background material for new proposals for upgrades or for new work within SC32 in time for 2007 SC32 Plenary
Extract N1451
• These topics raise a number of questions about the support that is already present, could and/or should be present in our standards in WG3 and WG4 and the real size, extent, priority and alternatives associated with these requirements.
• The discussion pointed to the need to identify and understand new database requirements in these and other areas to a sufficient level to properly understand the underlying database capability requirement.
Purpose – SSSG (SQL Security Study Group) (32N1452)
• The study period will help define the requirements for an amount of expertise required over an estimated period in order to produce the required standards, and also identify interrelated work items to produce the required standards.
• The study period will address user requirements involving possible users, the relationships with other work, the technical approach and technical feasibility---including identification of reference material on technical issues and initial material where available.
Outcomes – Options?
• Possible implications for WG2, WG3, WG4
• Scenarios – outlines of some application areas are within presentations. Extract and elaborate further? To a level sufficient to understand DB implications?
• Presentations suggest activity to improve support for:
  • Graph structure; knowledge encoded in them; query support
  • RDF support in SQL? Via SQL/XML? Other?
  • Transforming SQL and RDF data
  • Metadata Registries, SQL/MDR or a SQL/MM part
  • Concept systems, ontologies and Metamodel Interoperability
Making Progress
• Exposure of materials to SC32 WGs and NBs - inadequate time so far to consider actions
• Ask WGs to review presentations and consider position
• Discuss possible progress for SC32 Closing plenary – possible new or continuing work. NB requests?
• Ad Hoc meeting to address and report to closing plenary?
Existing support – and reality
• Understand how existing capability might support requirement
• What is appropriate and realistic for SC32 to address? – expertise, resources, leverage standards and work of other groups, identify the SC32 value added areas.
From Bargmeyer: The Nub of It
• Processing that takes “meaning” into account
• Processing based on the relations between things not just computing about the things themselves.
• Computing that takes people out of the processing, reducing the human toil
• Data access, extraction, mapping, translation, formatting, validation, inferencing, …
• Delivering higher-level results that are more helpful for the user’s thought and action
From Bargmeyer … Semantics Challenges
• Managing, harmonizing, and vetting semantics is essential to enable enterprise semantic computing
• Managing, harmonizing and vetting semantics is important for traditional data management. In the past we just covered the basics
• Enabling “community intelligence” through efforts similar to Wikipedia, Wiktionary, Flickr
Extraction Engines
• Find concepts & relations between concepts in text, tables, data, audio, video, …
• Produce databases (relational tables, graph structures), and other output
• Functions - Segment, Classify, …
Some Limitations of Relational Technologies & SQL
• Limited graph computations
  • Weak graph query language
• Limited object computations
  • Weak object query language
• Limited linkage of concept system (graphs) to data (relational, graph, object)
• Inadequate linkage of metadata to data (underspecified “catalog”)
• CASE tools also disable, rather than enable data administration & semantics management
Database Support for MFI (Metamodel Framework for Interoperability) (ISO/IEC 19763)
Scenarios
• Construction Industry in Japan LCMN
• Registry Federation – ebXML Asia
• ECOM – Japanese Electronic Commerce
Comment: Very long transaction – 20-30 years
“Taking stock of database 'standards' activities” – Mike Newton UK
Database Security
• Discussion identified the need for a high level security model. … And to understand where Japanese proposals fit within it.
• High level model:
High level model
• Identity
• Authorization
• Encryption
• Intrusion
• Security External to the Database
• External and/or Governance Security Requirements
• Implementations
• Administration/Management
• Audit
• Integration with external authentication context
SSSG Action Items
• Agree list of recommended items on which SC32 can act.
• Executive summary of our observations and conclusions
• Locate and review USA DoD Orange Book
• Locate and review other relevant standards – SC27 and other ISO standards
• Locate and review industry security standards, i.e. Payment Card Industry
• Locate and review de jure security standards.
• Evidence of requirements – brief documents/case studies/scenarios
• Request that national bodies explore the items above and bring materials for the New York SC32 meeting.