Databases on the Internet
David [email protected]
4th
CEEN
et W
orks
hop
on N
etwo
rk
Tech
nolo
gyBratislava, Slovakia, August 21-31, 1998
OutlineClassical databasesWhy should it be different in the Internet?Organizing the data with the Araneus methodologyBuilding dynamically a web site with the Target Form ExpressionDealing with securityUsing transactions and workflows
Classical Databasesconceptual level
definition of concepts and relations among them
logical leveldatabase technology applied
DBMS leveldata storage, queries,
transactions, ...
Entity-Relationship(ER) model
Relational model
Oracle DBMS
Classical Database EnvironmentA classical Database Management System (DBMS) is composed of:
data repositor
y
request processi
nginterpretation of requests
transaction manager
fault-tolerance module
concurrency control
ACID properties
Atomicity (all or nothing)ConsistencyIsolationDurability
What is different with the Internet?Hypertext data:
relational tables are 2-dimensions:tuples (lines)attributes (columns)
relational tables do not content navigational data ;hypertext pages implements the third dimension of access path to the data
Entity-relation scheme must evolve;Relations must be queried with the third dimension in mind.
Consequences:
What is different with the Internet?Internet technology:
no guaranty of service (the RSVP is not fullyimplemented in IP, expected to be in IPng);
unsecure channel of communication;lack of the notion of user (only machines);
high probability of system crash;very sensible to scale problems.we must implement recovery protocols;we must implement security features.
Consequences:
What is different with the Internet?User behaviour:
the user's actions are unknown and unpredictable
we cannot use tightly coupled integrationof the servers;we must define a minimal set of mandatoryfunctionalities for interoperation.
Strong heterogeneity:a DBMS cannot know every other DBMS technology to interact
Consequences:
Organizing the data for their use via the Web
Web sites containing valuable pieces of informationWeb sites containing high volume of data, retrieved from databasesData organized in hypertextual form (access paths are part of the model)
What we have:
Organizing the data for their use via the WebWhat we need:a methodology for the:
Database design processHypertext design process
a tool for:generating web sites from databasesmaintaining these web sites
The ARANEUS Project (Univ. Roma 3)Database Conceptual
Design(Entity-Relationship
model)1
Database Logical Design(Relational model)2
Hypertext Conceptual Design
(Hypertext Conceptual Scheme)
3
Hypertext Logical Design(Hypertext Logical
Scheme)4
Presentation Design(Page Template)5
Hypertext to DB mapping, Page Generation(Web site)
6
The ARANEUS Project
professor teaching course1:
N1:1
room place lesson
program
researcher person
University ER scheme
1:N
1:11:
11:N
–name–type
–day–hour
–roomNum
–phone
–name–photo–e-mail
The ARANEUS ProjectFrom ER schemes to Hypertext Conceptual schemesSelecting Macroentities (objects relevant and independent)Designing Directed Relationships (precise the direction of navigation)Designing Union Nodes and Aggregations (representation of the IS-A relationship)
The ARANEUS Project
professor teaching course1:
N1:1
room place lesson
program
researcher person
Selecting Macroentities (objects relevant and independent)
1:N
1:11:
11:N
–name–type
–day–hour
–roomNum
–phone
–name–photo–e-mail
The ARANEUS Project
professor teaching course1:
N1:1
room place lesson
program
researcher person
Selecting Macroentities (objects relevant and independent)
1:N
1:11:
11:N
–name–type
–day–hour
–roomNum
–phone
–name–photo–e-mail
The ARANEUS Project
professor teaching course1:
N1:1
room place lesson
program
researcher person
Designing Directed Relationships (precise the direction of navigation)
1:N
1:11:
11:N
–name–type
–day–hour
–roomNum
–phone
–name–photo–e-mail
The ARANEUS ProjectDesigning Union Nodes and Aggregations (representation of the IS-A relationship)
professor teaching course1:
N1:1
room place lesson
program
researcher person
1:N
1:11:
11:N
–name–type
–day–hour
–roomNum
–phone
–name–photo–e-mail
The ARANEUS ProjectDepartment Hypertext Conceptual Scheme department
education research general
people
professor student
teaching
course
type =undergraduate
type =graduate
namephonephotoe-mail
1:N
1:1
dayhourroomNum
1:N
nametyp
e
The ARANEUS Project
From Hypertext Conceptual schemes to Hypertext Logical DesignMapping Macroentities (to pages or lists)Mapping Directed Relationships (to links between pages)Mapping Aggregations (pages + lists + links)
The ARANEUS ProjectMapping Macroentities to pages
professor
na
mephonephotoe-
mailroo
m...
namephonephotoe-mailroom...
mapping
The ARANEUS ProjectMapping Macroentities to lists
seminar
titl
eauthordatehourroo
m...
mapping
titleauthordatehourroom...
seminar list
The ARANEUS ProjectMapping Directed relationships to links
professor
na
mephonephotoe-
mailroo
m...
mappingteache
r
course1:N
1:1
dayhourroomNum
1:N
nametype
toughtby
professor page n
amephonephotoe-mailroom
nameto course
course list
course page n
ametype
dayhourroom
time table
nameto professor
The ARANEUS Project (Univ. Roma 3)Database Conceptual
Design(Entity-Relationship
model)Hypertext Conceptual
Design(Hypertext Conceptual
Scheme)
Hypertext Logical Design(Hypertext Logical
Scheme)
Presentation Design(Page Template)
Hypertext to DB mapping, Page Generation(Web site)
Database Logical Design(Relational model)
1
2
3
4
5
6Dynamic page generation
Querying the databases (browsing and navigating)
a query language to make DB requestsa tool for presenting the result of the request:
in HTML formin any form
What we need:
The Target Form Expression (TFE) project (Univ. of Keio, Japan)Idea: Extending SQL to add publishing facilitiesthe result of a query is presented in a structured document (HTML, Java, LaTeX, ...)
To give a comparison: Allaire's Cold Fusion does not allow grouping or hyperlink generation (necessary for structuring documents)
The Target Form Expression projectGENERATE keyword
GENERATE <medium> <TFE><medium> = HTML, LaTeX, Java, Excel, TCLTK, O2C, SQL<TFE> = expression, = tuple connector
! = row connector% = depth (link) operator[ and ] = repeaters
[emp.name, emp.salary]!
= list of tuples (names, salary)
[store.name, [dept.name ! [emp.name]!, [item.name]!]!]%
The Target Form Expression projectExample of a movie databasefilm
id
title
type
year
pict
actor
id
name
birth
face
film, actorcas
t
The Target Form Expression project
action horrordramacomedy
select a category
1997 Batman and Robin Speed 21996 Mission impossible 2 Independence day
1997 My best friend's wedding Out to sea1996 Dear God The first wives club Nutty professor Tin cup
The first wives club
Diane Keaton1946Goldie Hawn1945Bette Middler1945
generate html verb(select a category) ![f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id
The Target Form Expression project
action horrordramacomedy
select a category generate html verb(select a category) !
[f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id
The Target Form Expression project
action horrordramacomedy
select a category generate html verb(select a category) !
[f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id
The Target Form Expression project
action horrordramacomedy
select a category
1997 Batman and Robin Speed 21996 Mission impossible 2 Independence day
1997 My best friend's wedding Out to sea1996 Dear God The first wives club Nutty professor Tin cup
generate html verb(select a category) ![f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id
The Target Form Expression project
action horrordramacomedy
select a category
1997 Batman and Robin Speed 21996 Mission impossible 2 Independence day
1997 My best friend's wedding Out to sea1996 Dear God The first wives club Nutty professor Tin cup
generate html verb(select a category) ![f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id
The Target Form Expression project
action horrordramacomedy
select a category
1997 Batman and Robin Speed 21996 Mission impossible 2 Independence day
1997 My best friend's wedding Out to sea1996 Dear God The first wives club Nutty professor Tin cup
The first wives club
generate html verb(select a category) ![f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id
The Target Form Expression project
action horrordramacomedy
select a category
1997 Batman and Robin Speed 21996 Mission impossible 2 Independence day
1997 My best friend's wedding Out to sea1996 Dear God The first wives club Nutty professor Tin cup
The first wives club
generate html verb(select a category) ![f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id
The Target Form Expression project
action horrordramacomedy
select a category
1997 Batman and Robin Speed 21996 Mission impossible 2 Independence day
1997 My best friend's wedding Out to sea1996 Dear God The first wives club Nutty professor Tin cup
The first wives club
Goldie Hawn1945
generate html verb(select a category) ![f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id
Diane Keaton1946Bette Middler1945
The Target Form Expression projectINVOKE keyword
allow dynamic queries inside queries(recursive queries)
With TFE we have a tool to dynamically create a web site from an existing database, at the whish of the user
Classical Database EnvironmentEnvironment of a classical DBMS:
DBDBMS
secure environment
Classical Database EnvironmentMultidatabases - Federated DBMSCooperative work, ...
DBDBMS 2DB
DBMS 1
Securing the databasesNormal flow
Sender
receiver
The Internet introduces threats for the DBMS and the users.4 attacks among the more frequentInterception
ModificationFabricationInterruption
Confidentiality
Cannot help a message to be intercepted;The message must not be disclosed;Confidentiality of data (Privacy)
Encryption (e.g. Secure Socket Layer - SSL)
Interception
Dangerous behavioursModification
Fabrication
Dangerous behaviours
A user cannot deny having received or sent a message.Non-Repudiation schemas, based on the
authentication of user.
A user must really be who he claims to be.Authentication of user
Authentication certificates delivered by a "Thrustee"
Dangerous behavioursInterruption
A user cannot help a communication to being cut.
Recovery procedures, based on time-outs and logging.
Securing the databasesThe iSaSiLk toolbox (Univ. of Vienna)Written in JavaProvides cryptography primitives (possibility to implement SSL sockets)Provides authentication primitivesProvides certificate managementFree for use for academic partners(not free for industry)
Transactions in the InternetTransactions are a very common tool in databasesThey provide isolation of concurrent activitiesThey are fault tolerant processesThey have been extensively studied in distributed environment
ButThey lack security and scalability in the Internet
Example in Electronic Commerce
Internet
Example in Electronic Commerce
Internet
I want...
Example in Electronic Commerce
Internet
the same shirt asSandra Bullock's in"The Net", and...
Example in Electronic Commerce
Internet
the same hat asIngrid Bergman'sin "Casablanca"!
Example in Electronic Commerce
Internet
Example in Electronic Commerce
Internet
ACID AtomicityConsistencyIsolationDurability
Example in Electronic Commerce
Internet
ACID AtomicityConsistencyIsolationDurability
Secure ConfidentialtyAuthenticationNon-Repudiation
Example in Atomic File Transfer Protocol
Internet
Sofware update
Server A
Server B
System administrator
Example in Atomic File Transfer Protocol
Internet
Server A
Server B
System administrator
Example in Atomic File Transfer Protocol
Internet
Server A
Server B
System administrator
Example in Atomic File Transfer Protocol
Internet
Server A
Server B
Installation application
Example in Internet Aided Manufacturing
Internet
New extension card for PC
Example in Internet Aided Manufacturing
Internet
New extension card for PC
Printed circuit manufacturer
Example in Internet Aided Manufacturing
Internet
New extension card for PC
Printed circuit manufacturer
Electronic component supplier
Example in Internet Aided Manufacturing
Internet
New extension card for PC
Printed circuit manufacturer
Electronic component supplier
Example in Internet Aided Manufacturing
Internet
Integrator
Towards workflows
Transactions in the Internet
Transaction Internet Protocol (TIP)Corba OTS (Object Transaction Service)X/Open DTP (Distributed Transaction Processing)
Related work on transactions:
Workflows on the InternetA workflow business process:
procedures
Workflows on the Internet
Process (separation of business logic from function logic)Organization (who is doing what)Infrastructure (what has to be done manually, with computer, ...)
3 levels in a workflow:
Workflows on the InternetFlowmarkFlowmanInConcertStaffwareViewStar...
Resume of part 1We know how to modelize and represent a databaseWe know how to query the database and visualize the resultsWe are aware of security and fault-tolerance problems