Report on:
Database Futures Study Group &
Database Security Study Group
Clearwater, Fl
Feb 5-8 2007
JTC1 SC32N1645
Outline
• Purpose of this presentation (only a brief comment on the SQL Security SG. Covered elsewhere in Japanese Papers & Presentation)
• Background & Targets of the study groups
• Presentations, activities at SG meeting
• Outcomes
• What’s next? – options and discussion starters
• Note – slides from materials to the SG meeting are used in this presentation
Background
• 2005 SC32 – Berlin SC32N____
• 2006 SC32 – Kobe – SC32 N1451, N1452
• 2006 SC32 – Tutorials (Bargmeyer, Melton)
• 2006 SQL Security proposals - Japan
Note: Well known, older areas of demand, like temporal, embedded transaction, replication not addressed in this meeting
Tutorials @ SC32 2006 – Bargmeyer (& the need for scenarios)
From Tutorials @ SC32 2006 – BB2
From Tutorials @ SC32 2006 – BB3
From Tutorials @ SC32 2006 (technology developments & research activity)
Participants and Topics
• 16 Participants from 6 Countries – Australia, Canada, Korea, Japan, UK, USA
• 8 Presentations. Requirements from metadata systems, rich semantic structures, RDF and Graph Query Languages, MDR, MFI, concept systems
• Database Security Framework/Context (… and papers from Japan)
References/Materials
• SQL/XML
• Potential Directions
• The Graph Query Language: Towards Unification of approaches
• Database requirements Metamodel Framework for Interoperability
• MDR for the Semantic Web: Supporting Ontology Concept
• Query Language for MDR and XMDL
• Towards Semantic Oriented Database - Metadata and Ontology -
• Querying across Relational and XML data
• Taking Stock – links to other Standards Activities (W3C, OMG, …)
• Article: Link Mining Applications: Progress and Challenges – Ted E Senator
• Draft DB Security Framework/Context
• 4 SQL Security Papers
Purpose: Database Standards SG (SC32 N1541)
Expected Outcome
• The workshop would provide input to existing SC32 projects and may provide background material for new proposals for upgrades or for new work within SC32 in time for 2007 SC32 Plenary
Extract N1451
• These topics raise a number of questions about the support that is already present, could and/or should be present in our standards in WG3 and WG4 and the real size, extent, priority and alternatives associated with these requirements.
• The discussion pointed to the need to identify and understand new database requirements in these and other areas to a sufficient level to properly understand the underlying database capability requirement.
Purpose – SSSG (SQL Security Study Group) (32N1452)
• The study period will help define the requirements for an amount of expertise required over an estimated period in order to produce the required standards, and also identify interrelated work items to produce the required standards.
• The study period will address user requirements involving possible users, the relationships with other work, the technical approach and technical feasibility---including identification of reference material on technical issues and initial material where available.
Outcomes – Options ?
• Possible implications for WG2, WG3, WG4
• Scenarios – outlines of some application areas are within presentations. Extract and elaborate further? To a level sufficient to understand DB implications?
• Presentations suggest activity to improve support for:
  – Graph structure; knowledge encoded in them; query support
  – RDF support in SQL? Via SQL/XML? Other?
  – Transforming SQL and RDF data
  – Metadata Registries, SQL/MDR or a SQL/MM part
  – Concept systems, ontologies and Metamodel Interoperability
Making Progress
• Exposure of materials to SC32 WGs and NBs - inadequate time so far to consider actions
• Ask WGs to review presentations and consider position
• Discuss possible progress for SC32 Closing plenary – possible new or continuing work. NB requests?
• Ad Hoc meeting to address and report to closing plenary?
Existing support – and reality
• Understand how existing capability might support requirement
• What is appropriate and realistic for SC32 to address? – expertise, resources, leverage standards and work of other groups, identify the SC32 value added areas.
Real World SQL - product metadata (courtesy Baba Piprani)
Activities and Presentations
SQL/XML Capability & near Targets
Potential Directions
From Bargmeyer
The Nub of It
• Processing that takes “meaning” into account
• Processing based on the relations between things not just computing about the things themselves.
• Computing that takes people out of the processing, reducing the human toil
  – Data access, extraction, mapping, translation, formatting, validation, inferencing, …
• Delivering higher-level results that are more helpful for the user’s thought and action
From Bargmeyer …
Semantics Challenges
• Managing, harmonizing, and vetting semantics is essential to enable enterprise semantic computing
• Managing, harmonizing and vetting semantics is important for traditional data management.
  – In the past we just covered the basics
• Enabling “community intelligence” through efforts similar to Wikipedia, Wiktionary, Flickr
From BB
Extraction Engines
• Find concepts & relations between concepts in text, tables, data, audio, video, …
• Produce databases (relational tables, graph structures), and other output
• Functions - Segment, Classify, …
Some Limitations of Relational Technologies & SQL
• Limited graph computations
  – Weak graph query language
• Limited object computations
  – Weak object query language
• Limited linkage of concept system (graphs) to data (relational, graph, object)
• Inadequate linkage of metadata to data (underspecified “catalog”)
  – CASE tools also disable, rather than enable data administration & semantics management
Database Support for MFI (Metamodel Framework for Interoperability) (ISO/IEC 19763)
Scenarios
• Construction Industry in Japan LCMN
• Registry Federation – ebXML Asia
• ECOM – Japanese Electronic Commerce
Comment: Very long transaction – 20-30 years
Level of Interoperation
Graph Query Language - Silberg
Metadata & Ontology
“Taking stock of database 'standards' activities”
– Mike Newton UK
Database Security
• Discussion identified the need for a high level security model. … And to understand where Japanese proposals fit within it.
• High level model:
High level model
1. Identity
2. Authorization
3. Encryption
4. Intrusion
5. Security External to the Database
6. External and/or Governance Security Requirements
7. Implementations
8. Administration/Management
9. Audit
10. Integration with external authentication context
SSSG Action Items
• Agree list of recommended items on which SC32 can act.
• Executive summary of our observations and conclusions
• Locate and review USA DoD Orange Book
• Locate and review other relevant standards – SC27 and other ISO standards
• Locate and review industry security standards, i.e. Payment Card Industry
• Locate and review De Jure security standards.
• Evidence of requirements – brief documents/case studies/scenarios
• Request that national bodies explore the items above and bring materials for the New York SC32 meeting.
OUTCOMES
Work, Activities, Options ?
Existing support – and reality
• Understand how existing capability might support requirement
• What is appropriate and realistic for SC32 to address? – expertise, resources, leverage standards and work of other groups, identify the SC32 value added areas.
Outcomes – Options ?
• Possible implications for WG2, WG3, WG4
• Scenarios – outlines of some application areas are within presentations. Extract and elaborate further? To a level sufficient to understand DB implications?
• Presentations suggest activity to improve support for:
  – Graph structure; knowledge encoded in them; query support
  – RDF support in SQL? Via SQL/XML? Other?
  – Transforming SQL and RDF data
  – Metadata Registries, SQL/MDR or a SQL/MM part
  – Concept systems, ontologies and Metamodel Interoperability
Specifically
Consider:
• Further scenario development
• SQL/MDR – Korean proposal? Based on presentation
• RDF support
  – in SQL, from elsewhere
  – Transforming SQL -> RDF
• Graph and semantics support in SQL? (Adequate for the work in the scenarios)
• Other ….
Making Progress
• Exposure of materials to SC32 WGs and NBs - inadequate time so far to consider actions
• Ask WGs to review presentations and consider position
• Discuss possible progress for SC32 Closing plenary. Possible new or continuing work. Requests to NBs?
• Ad Hoc meeting to address and report to closing plenary?
… and Security actions ?
• Consider use and further development of Security Model – and other sources
• Actions above; and
• Already on WG3, WG4 agendas ?
END