Databases Reference
In-Depth Information
and the profile vectors of the user request and the corresponding counterparts
of each node
N
involved in the top-down traversal recursively. The comparison
between
N
and SMR during the traversal results in the following cases.
If (
SMR
(
U
→
is disjoint with
N
→
): The dis-
joint relationship implies that all the moving objects stored at the subtree
rooted at
N
are not within the spatiotemporal region or do not meet the
profile condition for the user request
SMR
. Regardless of the existence of
authorizations for the requester at
N
, the moving objects stored at the
subtree rooted at
N
are not within the user's interests. Therefore, the
traversal stops regardless of the existence of overlaid authorizations.
is disjoint with
N
)
•
∨
Else if (
SMR
overlaps with
N
)
(
SMR
→
overlaps with
N
→
)): If there
is no authorization for the requester which is overlaid on
N
, the level of
node decides the evaluation result. If
N
is a non-leaf node, access control
decision cannot be made at the node
N
because there is a possibility that
a relevant authorization may be overlaid on a descendent node of
N
.Thus,
the evaluation process will be performed for all the children nodes of
N
.
If
N
is a leaf node, we reject the access request because there exists no
relevant authorization during the traversal.
If there exist an authorization for the requester among the overlaid au-
thorizations in
N
, the node level also decides the decision as well. If
N
is a non-leaf node, although all the moving objects stored at the subtree
rooted at
N
are authorized, the user wants to retrieve a subset of moving
objects whose locations are within
SMR
and whose profiles are enclosed
by
SMR
→
. Therefore, for the subtree rooted at
N
, we retrieve moving
objects whose location overlaps with
SMR
and whose profile condition
overlaps with
SMR
→
. Thus, evaluation is delayed to each child node of
N
, and the same comparison will occur recursively. If
N
is a leaf node,
because we overlay authorizations on a leaf-node in an enclosing case as
well as overlapping case, not all of the moving objects in
N
are autho-
rized. Thus, for all the authorizations overlaid on
N
, return the moving
objects that are located within the intersection area between
α
and
U
and whose profiles are overlapped with the bitwise AND operation of
α
→
and
U
→
.
•
∨
Else, implying the case of (
SMR
encloses
N
)
(
SMR
→
encloses
N
→
):
If there exists at least one relevant authorization for the requester on
N
,
thenodelevelof
N
decides the access control decision. If
N
is a non-leaf
node, because the spatiotemporal extents and profiles stored at the subtree
rooted at
N
are authorized, all the moving objects stored at leaf nodes
of the subtree rooted at
N
are allowed to be accessed by the requester.
Therefore, there is no need to evaluate authorizations on the subtree rooted
at
N
. In addition, spatiotemporal and profile vector comparisons would not
be required because all the moving objects stored at the subtree rooted
at
N
are within the user's interests. If
N
is a leaf node, some of the
moving objects in
N
may not be authorized if the overlaid authorizations
•
∧
