Report on:

Database Futures Study Group &

Database Security Study Group

Clearwater, Fl

Feb 5-8 2007

JTC1 SC32N1645

Outline

• Purpose of this presentation (only a brief comment on the SQL Security SG. Covered

elsewhere in Japanese Papers & Presentation) • Background & Targets of the study groups • Presentations, activities at SG meeting• Outcomes • What’s next ?– options and discussion starters

• Note – slides from materials to the SG meeting are used in this presentation

Background

• 2005 SC32 – Berlin SC32N____• 2006 SC32 – Kobe – SC32 N1451, N1452• 2006 SC32 – Tutorials (Bargmeyer, Melton) • 2006 SQL Security proposals - Japan

Note: Well known, older areas of demand, like temporal, embedded transaction, replication not addressed in this meeting

Tutorials@SC32 2006 – Bargmeyer(& the need for scenarios)

From Tutorials @ Sc32 2006 BB2

From Tutorials @ Sc32 2006 - BB3

From Tutorials @ SC32 2006(technology developments & research activity )

Participants and Topics

• 16 Participants from 6 Countries – Australia, Canada, Korea, Japan, UK, USA

• 8 Presentations. Requirements from metadata systems, rich semantic structures, RDF and Graph Query Languages, MDR, MFI, concepts systems,

• Database Security Framework/Context(… and papers from Japan)

References/Materials

• SQL/XML• Potential Directions • The Graph Query Language: Towards Unification of approaches• Database requirements Metamodel Framework for Interoperability• MDR for the Semantic Web: Supporting Ontology Concept • Query Language for MDR and XMDL • Towards Semantic Oriented Database - Metadata and Ontology - • Querying across Relational and XML data • Taking Stock – links to other Standards Activities (W3C, OMG, …) • Article: Link Mining Applications: Progress and Challenges – Ted

E Senator

• Draft DB Security Framework/Context • 4 SQL Security Papers

Purpose: Database Standards SGSC32 N1541

Expected Outcome

• The workshop would provide input to existing SC32 projects and may provide background material for new proposals for upgrades or for new work within SC32 in time for 2007 SC32 Plenary

Extract N1451

• These topics raise a number of questions about the support that is already present, could and/or should be present in our standards in WG3 and WG4 and the real size, extent, priority and alternatives associated with these requirements.

• The discussion pointed to the need to identify and understand new database requirements in these and other areas to a sufficient level to properly understand the underlying database capability requirement.

Purpose – SSSG (SQL Security Study Group) (32N1452)

• The study period will help define the requirements for an amount of expertise required over an estimated period in order to produce the required standards, and also identify interrelated work items to produce the required standards.

• The study period will address user requirements involving possible users, the relationships with other work, the technical approach and technical feasibility---including identification of reference material on technical issues and initial material where available.

Outcomes – Options ?

• Possible implications for WG2, WG3, WG4 • Scenarios – outlines of some application areas are within

presentations. Extract and elaborate further? To a level sufficient to understand DB implications?

• Presentations suggest activity to improve support for:– Graph structure; knowledge encoded in them; query support– RDF support in SQL? Via SQL/XML? Other?– Transforming SQL and RDF data– Metadata Registries, SQL/MDR or a SQL/MM part – Concept systems, ontologies and Metamodel Interoperability

Making Progress

• Exposure of materials to SC32 WGs and NBs - inadequate time so far to consider actions

• Ask WGs to review presentations and consider position

• Discuss possible progress for SC32 Closing plenary – possible new or continuing work. NB requests?

• Ad Hoc meeting to address and report to closing plenary?

Existing support – and reality

• Understand how existing capability might support requirement

• What is appropriate and realistic for SC32 to address? – expertise, resources, leverage standards and work of other groups, identify the SC32 value added areas.

Real World SQL - product metadata(courtesy Baba Piprani)

Activities and Presentations

SQL/XML Capability & near Targets

Potential Directions

21

From Bargmeyer

The Nub of It

• Processing that takes “meaning” into account• Processing based on the relations between things not

just computing about the things themselves.• Computing that takes people out of the processing,

reducing the human toil– Data access, extraction, mapping, translation,

formatting, validation, inferencing, …• Delivering higher-level results that are more helpful

for the user’s thought and action

22

From Bargmeyer ….

Semantics Challenges• Managing, harmonizing, and vetting semantics is

essential to enable enterprise semantic computing• Managing, harmonizing and vetting semantics is

important for traditional data management. – In the past we just covered the basics

• Enabling “community intelligence” through efforts similar to Wikipedia, Wikitionary, Flickr

From BB

Extraction EnginesFind concepts & relations between concepts in text, tables, data, audio, video, …Produce databases (relational tables, graph structures), and other outputFunctions - Segment, Classify, …

Some Limitations of Relational Technologies & SQL Limited graph computations

• Weak graph query language Limited object computations - Weak object query language

• Limited linkage of concept system (graphs) to data (relational, graph, object)

• Inadequate linkage of metadata to data (underspecified “catalog”)– CASE tools also disable, rather than enable data

administration & semantics management

25

Database Support for MFI (Metamodel Framework for Interoperability)

(ISO/EC19763)

Scenarios

• Construction Industry in Japan LCMN

• Registry Federation – ebXML Asia

• ECOM – Japanese Electronic Commerce

Comment: Very long transaction – 20-30 years

Level of Interoperation

Graph Query Language - Silberg

Metadata & Ontology

“Taking stock of database 'standards' activities”

– Mike Newton UK

Database Security

• Discussion identified the need for a high level security model. … And to understand where Japanese proposals fit within it.

• High level model:

High level model

1. Identity2. Authorization3. Encryption4. Intrusion5. Security External to the Database6. External and/or Governance Security Requirements7. Implementations8. Administration/Management9. Audit10. Integration with external authentication context

SSSG Action Items • Agree list of recommended items on which SC32 can act. • Executive summary of our observations and conclusions• Locate and review USA DOD Orange book • Locate and review other relevant standard – SC27 and other ISO

standards• Locate and review industry security standards, IE Payment Card

Industry• Locate and review De Jure security standards.• Evidence of requirements – brief documents/case

studies/scenarios• Request that national bodies explore the items above and bring

materials for the New York SC32 meeting.

OUTCOMES

Work, Activities, Options ?

Existing support – and reality

• Understand how existing capability might support requirement

• What is appropriate and realistic for SC32 to address? – expertise, resources, leverage standards and work of other groups, identify the SC32 value added areas.

Outcomes – Options ?

• Possible implications for WG2, WG3, WG4 • Scenarios – outlines of some application areas are within

presentations. Extract and elaborate further? To a level sufficient to understand DB implications?

• Presentations suggest activity to improve support for:– Graph structure; knowledge encoded in them; query support– RDF support in SQL? Via SQL/XML? Other?– Transforming SQL and RDF data– Metadata Registries, SQL/MDR or a SQL/MM part – Concept systems, ontologies and Metamodel Interoperability

Specifically

Consider:• Further scenario development • SQL/MDR – Korean proposal? Based on presentation

• RDF support– in SQL, from elsewhere– Transforming SQL -> RDF

• Graph and semantics support in SQL? (Adequate for the work in the scenarios)

• Other ….

Making Progress • Exposure of materials to SC32 WGs and NBs -

inadequate time so far to consider actions

• Ask WGs to review presentations and consider position

• Discuss possible progress for SC32 Closing plenary Possible new or continuing work. Requests to NBs?

• Ad Hoc meeting to address and report to closing plenary?

… and Security actions ?

• Consider use and further development of Security Model – and other sources

• Actions above ; and

• Already on WG3, WG4 agendas ?

ENDReport on:

Database Futures Study Group& Database Security Study Group

Clearwater, FlFeb 5-8 2007