Authorize access to dynamic spatio-temporal data


Authorizing access to a single data object in a collection can be difficult when the collection and the user groups are large and dynamic. It becomes more complex when the authorization policy is based on the temporal and spatial references of the data object. This article uses the real-world scenario of my company, Cyclomedia Technology, to introduce a solution to this problem that combines two components of Oracle Database Enterprise Edition: the Spatial option and the Virtual Private Database feature.

Cyclomedia Technology

Cyclomedia specializes in the systematic, large-scale visualization of the environment based on 360-degree panoramic images (annular panoramas). To create an annular panorama, a picture of a wide area is taken and entered into an online database. After each record, location, and position is registered, a variety of applications, such as measuring and modeling, can be implemented. (See the following example.)

[Figure: sample panorama records with the columns image ID, record location (for example 6.9008111752263,52.4115443666161) and record date and time (for example 2006-06-21 12:17)]

Fig. 1 An example of a circular panorama using geo-spatial data

DCR7 is the newest model in a series of recording systems developed by Cyclomedia, characterized by appearance quality, measurement precision and high-speed visual recording. DCR7 is able to generate annular panoramas at a speed of 5 meters and 80 km/h. Cyclomedia is deliberately using it to convert most of Europe's public space into images. As a result of these advances, the annular panorama collection is expected to grow rapidly.

Authorization challenges

In the Cyclomedia case, we are faced with the need to grant many users access to a collection of dynamic objects with space and time references. Authorization parameters are based on the time and space dimensions of the collection.

Traditionally, the solution to this problem is to create a static dataset or authorization table that describes each single relationship between each principal (client or user) and the objects in the collection. Building these datasets and tables typically uses professional tools to compute the spatial relationships between objects and authorized areas.

When user groups and collections are large and dynamic, it is not appropriate to build and maintain these ad hoc datasets and authorization tables to support access control. Also, ad hoc data does not support flexible protection granularity and dynamic changes in access control policies.

Several recently proposed solutions have different drawbacks, most of which stem from the architecture of the proposed solution: authorization is enforced outside the database, or it is enforced after the query has been executed, which limits the use of the data. Even the architecture of GeoXACML, the new standard currently proposed by the Open Geospatial Consortium, is problematic. Based on standards for spatial data (GML, WMS) and authorization (XACML), it gives an unprotected Web Map Service an access-control solution that does not require changes to the existing infrastructure. To this end, it intercepts messages sent to the WMS, performs the retrieval on the target WMS, sends the results to the decision point, and then creates a result set based on the resulting authorization decision.

This concept depends heavily on this architectural pattern, which leads to inefficiency: all data is selected from the original database and converted to GML, and external tools then divide and compute the features according to the authorization policy. As a result, the spatial index in the original database cannot be used, and the spatial comparison functions must be implemented in other components. In addition, the architecture cannot perform complex analysis tasks, because the data is selected first and only then filtered according to the authorization policy. Even a simple query such as a nearest-neighbor search is a problem: you may end up finding that the nearest object selected at the beginning is not accessible.
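
The nearest-neighbor failure described above, as an added example that is not part of the original article: the same query is answered once with authorization applied after the search and once with authorization applied as part of the search. The records, the bounding-box-plus-time-window grant and all names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import hypot

@dataclass(frozen=True)
class Panorama:            # constructed sample record: id, lon/lat, recording time
    image_id: str
    lon: float
    lat: float
    recorded: datetime

@dataclass(frozen=True)
class Grant:               # hypothetical policy: authorized area plus time window
    min_lon: float
    min_lat: float
    max_lon: float
    max_lat: float
    not_before: datetime
    not_after: datetime

    def allows(self, p: Panorama) -> bool:
        return (self.min_lon <= p.lon <= self.max_lon
                and self.min_lat <= p.lat <= self.max_lat
                and self.not_before <= p.recorded <= self.not_after)

def nearest(records, lon, lat, k=1):
    # Planar distance is sufficient for this small constructed area.
    return sorted(records, key=lambda p: hypot(p.lon - lon, p.lat - lat))[:k]

def post_filtered(records, grant, lon, lat, k=1):
    # Query first, authorize afterwards (enforcement outside the database).
    return [p for p in nearest(records, lon, lat, k) if grant.allows(p)]

def pre_filtered(records, grant, lon, lat, k=1):
    # Authorization is part of the query: rank only rows the principal may see.
    return nearest([p for p in records if grant.allows(p)], lon, lat, k)

RECORDS = [  # constructed data, not taken from the article's figure
    Panorama("IMG-A", 6.9008, 52.4115, datetime(2006, 6, 21, 12, 17)),  # outside time window
    Panorama("IMG-B", 6.9020, 52.4120, datetime(2005, 3, 12, 15, 22)),  # authorized
    Panorama("IMG-C", 6.9500, 52.4500, datetime(2005, 3, 12, 15, 30)),  # outside area
]
GRANT = Grant(6.89, 52.40, 6.92, 52.42, datetime(2005, 1, 1), datetime(2005, 12, 31))

if __name__ == "__main__":
    q = (6.9009, 52.4116)
    print("post-filter:", [p.image_id for p in post_filtered(RECORDS, GRANT, *q)])
    print("pre-filter: ", [p.image_id for p in pre_filtered(RECORDS, GRANT, *q)])
```

With authorization applied after the search, the nearest record is discarded and the user gets nothing back, although an authorized record lies close by; with the predicate inside the query, that record is returned.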
