entity, min, max) checks whether the distance between user and entity
lies between min and max).
Movement-based conditions on the mobility of the users, such as their
velocity, acceleration, or direction.
Interaction-based conditions relating to multiple users or entities; for
instance, the number of users within a given area. The density predicate
evaluates whether the number of people in the area is within a certain
maximum and minimum number, and the relative-density predicate evaluates
whether the number of people surrounding users is within the maximum and
minimum area.
However, the verification of these predicates depends on the accuracy of
the location technology, so it takes into account Service Level Agreement
(SLA) parameters such as confidence and timeout. The locational predicates
are therefore evaluated to either true or false together with a confidence
value and a timeout: [Boolean-value, confidence, timeout]. The confidence
value expresses the level of reliability of the Location Service result
according to accuracy, and the timeout represents the time validity of the
location values, which may change rapidly.
For example, inarea(Alice, Newark) = [True,0.9,2007-11-09 11:10am]
states that the Location Service assesses as true the fact that Alice is
located in Newark with a confidence of 90%, and that such an assessment is
to be considered valid until 11:10am of November 9, 2007.
Subject
Subjects are represented with a subject expression, which is a Boolean
conditional predicate that refers to a set of subjects depending on whether
they satisfy certain conditions. The conditions are evaluated against the
user's profile, location, and the user's membership in groups or active roles.
Object
Objects are represented with a Boolean object expression, which refers to a set
of objects that satisfy the conditions in the object expression where conditions
evaluate membership of the object in categories, and values of properties on
metadata.
Action
Action is the action (or class of actions) that is allowed or denied.
LBAC Policy Rules
An access control rule is represented with a triple (subj-expr, obj-expr, action),
where subj-expr refers to the conditional expression for subjects, obj-expr refers
to the conditional expression for objects, and action refers to a privilege mode.
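The following sketch is an added example, not taken from the original text. It shows how a policy decision point could consume a [Boolean-value, confidence, timeout] result inside a rule triple. The confidence threshold, the fail-closed treatment of stale or low-confidence results, and all names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Callable

MIN_CONFIDENCE = 0.8  # assumed policy threshold; the page does not give one

@dataclass(frozen=True)
class PredicateResult:
    """Location Service answer: [Boolean-value, confidence, timeout]."""
    value: bool
    confidence: float   # reliability of the result, 0.0 to 1.0
    timeout: datetime   # the result is valid until this instant

@dataclass(frozen=True)
class Rule:
    """Access control rule triple: subj-expr, obj-expr, action."""
    subj_expr: Callable[[dict], PredicateResult]
    obj_expr: Callable[[dict], bool]
    action: str

def holds(result, now, min_confidence=MIN_CONFIDENCE):
    """Assumed fail-closed handling: stale or low-confidence answers never hold."""
    if now > result.timeout:
        return False
    if result.confidence < min_confidence:
        return False
    return result.value

def is_permitted(rule, subject, obj, action, now):
    """Permit only if action and object match and the location condition holds."""
    return (action == rule.action
            and rule.obj_expr(obj)
            and holds(rule.subj_expr(subject), now))

# Constructed sample data built around the page's inarea(Alice, Newark) result.
ALICE = {"name": "Alice", "inarea": {"Newark": PredicateResult(True, 0.9, datetime(2007, 11, 9, 11, 10))}}
DOC = {"category": "branch-records"}  # hypothetical object category
RULE = Rule(
    subj_expr=lambda s: s["inarea"]["Newark"],
    obj_expr=lambda o: o.get("category") == "branch-records",
    action="read",
)

if __name__ == "__main__":
    for hour, minute in [(11, 0), (11, 30)]:
        now = datetime(2007, 11, 9, hour, minute)
        print(now, is_permitted(RULE, ALICE, DOC, "read", now))
```

The same true assessment stops granting access once its timeout passes, so the caller must re-query the Location Service rather than cache the Boolean value alone.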