This application is related to the following co-pending and commonly-assigned patent application, now pending application Ser. No. 09/397,946, entitled, "OBJECT-ORIENTED FRAMEWORK FOR MANAGING ACCESS CONTROL IN A MULTIMEDIA DATABASE" filed on Sep. 17, 1999 by Alan T. Yaung, et al., which is incorporated by reference herein.
1. Field of the Invention
This invention relates in general to computer implemented database management systems, and more particularly, to an access control system for a datastore.
2. Description of Related Art
A datastore is a term used to refer to a generic data storage facility, such as a relational data base, flat-file, hierarchical data base, etc.
For nearly half a century computers have been used by businesses to manage information such as numbers and text, mainly in the form of coded data. However, business data represents only a small part of the world's information. As storage, communication and information processing technologies advance, and as their costs come down, it becomes more feasible to digitize other various types of data, store large volumes of it, and be able to distribute it on demand to users at their place of business or home.
New digitization technologies have emerged in the last decade to digitize images, audio, and video, giving birth to a new type of digital multimedia information. These multimedia objects are quite different from the business data that computers managed in the past, and often require more advanced information management system infrastructures with new capabilities. Such systems are often called "digital libraries."
Bringing new digital technologies can do much more than just replace physical objects with their electronic representation. It enables instant access to information; supports fast, accurate, and powerful search mechanisms; provides new "experiential" (i.e. virtual reality) user interfaces; and implements new ways of protecting the rights of information owners. These properties make digital library solutions even more attractive and acceptable not only to corporate Information Systems (IS) organizations, but to the information owners, publishers and service providers.
Generally, business data is created by a business process (an airline ticket reservation, a deposit at the bank, and a claim processing at an insurance company are examples). Most of these processes have been automated by computers and produce business data in digital form (text and numbers). Therefore it is usually structured coded data. Multimedia data, on the contrary, cannot be fully pre-structured (its use is not fully predictable) because it is the result of the creation of a human being or the digitization of an object of the real world (x-rays, geophysical mapping, etc.) rather than a computer algorithm.
The average size of business data in digital form is relatively small. A banking record, including a customer's name, address, phone number, account number, balance, etc., represents at most a few hundred characters, i.e. few hundreds/thousands of bits. The digitization of multimedia information (image, audio, video) produces a large set of bits called an "object" or "blobs" (Binary Large Objects). For example, a digitized image of the parchments from the Vatican Library takes as much as the equivalent of 30 million characters (30 MB) to be stored. The digitization of a movie, even after compression, may take as much as the equivalent of several billions of characters (3-4 GB) to be stored.
Multimedia information is typically stored as much larger objects, ever increasing in quantity and therefore requiring special storage mechanisms. Classical business computer systems have not been designed to directly store such large objects. Specialized storage technologies may be required for certain types of information, e.g. media streamers for video or music. Because certain multimedia information needs to be preserved "forever" it also requires special storage management functions providing automated back-up and migration to new storage technologies as they become available and as old technologies become obsolete.
Finally, for performance reasons, the multimedia data is often placed in the proximity of the users with the system supporting multiple distributed object servers. This often requires a logical separation between applications, indices, and data to ensure independence from any changes in the location of the data.
The indexing of business data is often imbedded into the data itself. When the automated business process stores a person's name in the column "NAME," it actually indexes that information. Multimedia information objects usually do not contain indexing information. This "Meta data" needs to be created in addition by developers or librarians. The indexing information for multimedia information is often kept in "business like" databases separated from the physical object.
One type of multimedia datastore is a Digital Library (DL). In a digital library, the multimedia object can be linked with the associated indexing information, since both are available in digital form. Integration of this legacy catalog information with the digitized object is crucial and is one of the great advantages of DL technology. Different types of objects can be categorized differently as appropriate for each object type. Existing standards like MARC records for libraries, Finding Aids for archiving of special collections, etc. can be used when appropriate.
The indexing information used for catalog searches in physical libraries is mostly what one can read on the covers of the books: author's name, title, publisher, ISBN, ... enriched by other information created by librarians based on the content of the books (abstracts, subjects, keywords, ...). In digital libraries, the entire content of books, images, music, films, etc. are available and "new content" technologies are needed; technologies for full text searching, image content searching (searching based on color, texture, shape, etc.), video content searching, and audio content searching. The integrated combination of catalog searches (e.g. SQL) with content searches will provide more powerful search and access functions. These technologies can also be used to partially automate further indexing, classification, and abstracting of objects based on content.
Object-Oriented approaches are generally better suited for such complex data management. The term "object-oriented" refers to a software design method which uses "classes" and "objects" to model abstract or real objects. An "object" is the main building block of object-oriented programming, and is a programming unit which has both data and functionality (i.e., "methods"). A "class" defines the implementation of a particular kind of object, the variables and methods it uses, and the parent class it belongs to.
Along with better data management systems for multimedia datastores, such as a digital library, there is a need for improved access control to functions of an application program which operate upon data items within the multimedia datastore. The term access control generally refers to only allowing a user with the requisite privilege or right to access a requested function, while denying access to functions requested by users who do not have the requisite right or privilege.
In the domain of multimedia datastores, particularly multimedia databases, access control to the multimedia datastore can be roughly divided into system level access control and application level access control. The former mainly deals with system related access control issues, such as read/write access for specific objects. The latter, on the contrary, deals with the access control that is specific to the application running on top of the multimedia datastore. As multimedia database applications are becoming more complex, the need for sophisticated access to the underlying multimedia database has become very important. Unfortunately, the capability for application-specific access control within present multimedia datastores is not well developed. In particular, access control to a multimedia datastore is still not easily implemented at the application program level.
Thus, there is a need in the art for improved access control to a multimedia datastore that solves the deficiencies mentioned above.
To overcome the limitations in the prior art described above, and to overcome other limitations that will become apparent upon reading and understanding the present specification, the present invention discloses a method, apparatus, and article of manufacture for a computer-implemented access control system that controls access by users to functions of an application program executed by a computer and connected to a multimedia datastore.
In accordance with the present invention, application privileges are defined to control access to functions of an application program which operate upon data items of the multimedia datastore. For the application program, one or more users are associated with one or more application privileges. Access by users to functions of the application program is restricted depending upon whether the user has been associated with the application privilege for the function. If the user has been associated with the application privilege, access to the function is granted; if not, access to the function is denied.
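The following sketch illustrates the application-level privilege check summarized above; it is an added example, not code from the patent or its assignee. The class, function, privilege and user names are hypothetical, the datastore is a constructed in-memory stand-in, and denying functions that have no defined privilege is an assumption of this example.

```python
from functools import wraps

class AccessDenied(Exception):
    """Raised when a user lacks the application privilege for a function."""

class ApplicationAccessControl:  # hypothetical name, not from the patent
    def __init__(self):
        self._function_privilege = {}  # function name -> required privilege
        self._user_privileges = {}     # user -> set of associated privileges

    def define_privilege(self, privilege, function_name):
        self._function_privilege[function_name] = privilege

    def associate(self, user, privilege):
        # Only privileges that were defined can be associated with a user.
        if privilege not in self._function_privilege.values():
            raise ValueError(f"undefined application privilege: {privilege}")
        self._user_privileges.setdefault(user, set()).add(privilege)

    def is_allowed(self, user, function_name):
        required = self._function_privilege.get(function_name)
        # Assumption: deny by default for unknown users and unmapped functions.
        return required is not None and required in self._user_privileges.get(user, set())

    def restricted(self, func):
        @wraps(func)
        def wrapper(user, *args, **kwargs):
            # The check runs on every call, before the datastore is touched.
            if not self.is_allowed(user, func.__name__):
                raise AccessDenied(f"{user} may not call {func.__name__}")
            return func(user, *args, **kwargs)
        return wrapper

acl = ApplicationAccessControl()
datastore = {"img-001": b"constructed sample bytes"}  # constructed sample item

@acl.restricted
def view_item(user, item_id):
    return datastore[item_id]

@acl.restricted
def delete_item(user, item_id):
    return datastore.pop(item_id)

acl.define_privilege("ViewItem", "view_item")
acl.define_privilege("DeleteItem", "delete_item")
acl.associate("alice", "ViewItem")
acl.associate("bob", "ViewItem")
acl.associate("bob", "DeleteItem")

def try_call(func, user, item_id):
    """Return 'granted' or 'denied' for one attempted function call."""
    try:
        func(user, item_id)
        return "granted"
    except AccessDenied:
        return "denied"
```
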