Databases on the Internet

David BillardDavid.Billard@cui.unige.ch

4th

CEEN

et W

orks

hop

on N

etwo

rk

Tech

nolo

gyBratislava, Slovakia, August 21-31, 1998

OutlineClassical databasesWhy should it be different in the Internet?Organizing the data with the Araneus methodologyBuilding dynamically a web site with the Target Form ExpressionDealing with securityUsing transactions and workflows

Classical Databasesconceptual level

definition of concepts and relations among them

logical leveldatabase technology applied

DBMS leveldata storage, queries,

transactions, ...

Entity-Relationship(ER) model

Relational model

Oracle DBMS

Classical Database EnvironmentA classical Database Management System (DBMS) is composed of:

data repositor

y

request processi

nginterpretation of requests

transaction manager

fault-tolerance module

concurrency control

ACID properties

Atomicity (all or nothing)ConsistencyIsolationDurability

What is different with the Internet?Hypertext data:

relational tables are 2-dimensions:tuples (lines)attributes (columns)

relational tables do not content navigational data ;hypertext pages implements the third dimension of access path to the data

Entity-relation scheme must evolve;Relations must be queried with the third dimension in mind.

Consequences:

What is different with the Internet?Internet technology:

no guaranty of service (the RSVP is not fullyimplemented in IP, expected to be in IPng);

unsecure channel of communication;lack of the notion of user (only machines);

high probability of system crash;very sensible to scale problems.we must implement recovery protocols;we must implement security features.

Consequences:

What is different with the Internet?User behaviour:

the user's actions are unknown and unpredictable

we cannot use tightly coupled integrationof the servers;we must define a minimal set of mandatoryfunctionalities for interoperation.

Strong heterogeneity:a DBMS cannot know every other DBMS technology to interact

Consequences:

Organizing the data for their use via the Web

Web sites containing valuable pieces of informationWeb sites containing high volume of data, retrieved from databasesData organized in hypertextual form (access paths are part of the model)

What we have:

Organizing the data for their use via the WebWhat we need:a methodology for the:

Database design processHypertext design process

a tool for:generating web sites from databasesmaintaining these web sites

The ARANEUS Project (Univ. Roma 3)Database Conceptual

Design(Entity-Relationship

model)1

Database Logical Design(Relational model)2

Hypertext Conceptual Design

(Hypertext Conceptual Scheme)

3

Hypertext Logical Design(Hypertext Logical

Scheme)4

Presentation Design(Page Template)5

Hypertext to DB mapping, Page Generation(Web site)

6

The ARANEUS Project

professor teaching course1:

N1:1

room place lesson

program

researcher person

University ER scheme

1:N

1:11:

11:N

–name–type

–day–hour

–roomNum

–phone

–name–photo–e-mail

The ARANEUS ProjectFrom ER schemes to Hypertext Conceptual schemesSelecting Macroentities (objects relevant and independent)Designing Directed Relationships (precise the direction of navigation)Designing Union Nodes and Aggregations (representation of the IS-A relationship)

The ARANEUS Project

professor teaching course1:

N1:1

room place lesson

program

researcher person

Selecting Macroentities (objects relevant and independent)

1:N

1:11:

11:N

–name–type

–day–hour

–roomNum

–phone

–name–photo–e-mail

The ARANEUS Project

professor teaching course1:

N1:1

room place lesson

program

researcher person

Selecting Macroentities (objects relevant and independent)

1:N

1:11:

11:N

–name–type

–day–hour

–roomNum

–phone

–name–photo–e-mail

The ARANEUS Project

professor teaching course1:

N1:1

room place lesson

program

researcher person

Designing Directed Relationships (precise the direction of navigation)

1:N

1:11:

11:N

–name–type

–day–hour

–roomNum

–phone

–name–photo–e-mail

The ARANEUS ProjectDesigning Union Nodes and Aggregations (representation of the IS-A relationship)

professor teaching course1:

N1:1

room place lesson

program

researcher person

1:N

1:11:

11:N

–name–type

–day–hour

–roomNum

–phone

–name–photo–e-mail

The ARANEUS ProjectDepartment Hypertext Conceptual Scheme department

education research general

people

professor student

teaching

course

type =undergraduate

type =graduate

namephonephotoe-mail

1:N

1:1

dayhourroomNum

1:N

nametyp

e

The ARANEUS Project

From Hypertext Conceptual schemes to Hypertext Logical DesignMapping Macroentities (to pages or lists)Mapping Directed Relationships (to links between pages)Mapping Aggregations (pages + lists + links)

The ARANEUS ProjectMapping Macroentities to pages

professor

na

mephonephotoe-

mailroo

m...

namephonephotoe-mailroom...

mapping

The ARANEUS ProjectMapping Macroentities to lists

seminar

titl

eauthordatehourroo

m...

mapping

titleauthordatehourroom...

seminar list

The ARANEUS ProjectMapping Directed relationships to links

professor

na

mephonephotoe-

mailroo

m...

mappingteache

r

course1:N

1:1

dayhourroomNum

1:N

nametype

toughtby

professor page n

amephonephotoe-mailroom

nameto course

course list

course page n

ametype

dayhourroom

time table

nameto professor

The ARANEUS Project (Univ. Roma 3)Database Conceptual

Design(Entity-Relationship

model)Hypertext Conceptual

Design(Hypertext Conceptual

Scheme)

Hypertext Logical Design(Hypertext Logical

Scheme)

Presentation Design(Page Template)

Hypertext to DB mapping, Page Generation(Web site)

Database Logical Design(Relational model)

1

2

3

4

5

6Dynamic page generation

Querying the databases (browsing and navigating)

a query language to make DB requestsa tool for presenting the result of the request:

in HTML formin any form

What we need:

The Target Form Expression (TFE) project (Univ. of Keio, Japan)Idea: Extending SQL to add publishing facilitiesthe result of a query is presented in a structured document (HTML, Java, LaTeX, ...)

To give a comparison: Allaire's Cold Fusion does not allow grouping or hyperlink generation (necessary for structuring documents)

The Target Form Expression projectGENERATE keyword

GENERATE <medium> <TFE><medium> = HTML, LaTeX, Java, Excel, TCLTK, O2C, SQL<TFE> = expression, = tuple connector

! = row connector% = depth (link) operator[ and ] = repeaters

[emp.name, emp.salary]!

= list of tuples (names, salary)

[store.name, [dept.name ! [emp.name]!, [item.name]!]!]%

The Target Form Expression projectExample of a movie databasefilm

id

title

type

year

pict

actor

id

name

birth

face

film, actorcas

t

The Target Form Expression project

action horrordramacomedy

select a category

1997 Batman and Robin Speed 21996 Mission impossible 2 Independence day

1997 My best friend's wedding Out to sea1996 Dear God The first wives club Nutty professor Tin cup

The first wives club

Diane Keaton1946Goldie Hawn1945Bette Middler1945

generate html verb(select a category) ![f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id

The Target Form Expression project

action horrordramacomedy

select a category generate html verb(select a category) !

[f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id

The Target Form Expression project

action horrordramacomedy

select a category generate html verb(select a category) !

[f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id

The Target Form Expression project

action horrordramacomedy

select a category

1997 Batman and Robin Speed 21996 Mission impossible 2 Independence day

1997 My best friend's wedding Out to sea1996 Dear God The first wives club Nutty professor Tin cup

generate html verb(select a category) ![f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id

The Target Form Expression project

action horrordramacomedy

select a category

1997 Batman and Robin Speed 21996 Mission impossible 2 Independence day

1997 My best friend's wedding Out to sea1996 Dear God The first wives club Nutty professor Tin cup

generate html verb(select a category) ![f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id

The Target Form Expression project

action horrordramacomedy

select a category

1997 Batman and Robin Speed 21996 Mission impossible 2 Independence day

1997 My best friend's wedding Out to sea1996 Dear God The first wives club Nutty professor Tin cup

The first wives club

generate html verb(select a category) ![f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id

The Target Form Expression project

action horrordramacomedy

select a category

1997 Batman and Robin Speed 21996 Mission impossible 2 Independence day

1997 My best friend's wedding Out to sea1996 Dear God The first wives club Nutty professor Tin cup

The first wives club

generate html verb(select a category) ![f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id

The Target Form Expression project

action horrordramacomedy

select a category

1997 Batman and Robin Speed 21996 Mission impossible 2 Independence day

1997 My best friend's wedding Out to sea1996 Dear God The first wives club Nutty professor Tin cup

The first wives club

Goldie Hawn1945

generate html verb(select a category) ![f.type % [f.year, [f.title % {f.title ! imagefile(f.pict) ! [imagefile(a.face), a.name, a.birth]!}]!]!],from film f, cast c, actor awhere f.id = c.film and c.actor = a.id

Diane Keaton1946Bette Middler1945

The Target Form Expression projectINVOKE keyword

allow dynamic queries inside queries(recursive queries)

With TFE we have a tool to dynamically create a web site from an existing database, at the whish of the user

Classical Database EnvironmentEnvironment of a classical DBMS:

DBDBMS

secure environment

Classical Database EnvironmentMultidatabases - Federated DBMSCooperative work, ...

DBDBMS 2DB

DBMS 1

Securing the databasesNormal flow

Sender

receiver

The Internet introduces threats for the DBMS and the users.4 attacks among the more frequentInterception

ModificationFabricationInterruption

Confidentiality

Cannot help a message to be intercepted;The message must not be disclosed;Confidentiality of data (Privacy)

Encryption (e.g. Secure Socket Layer - SSL)

Interception

Dangerous behavioursModification

Fabrication

Dangerous behaviours

A user cannot deny having received or sent a message.Non-Repudiation schemas, based on the

authentication of user.

A user must really be who he claims to be.Authentication of user

Authentication certificates delivered by a "Thrustee"

Dangerous behavioursInterruption

A user cannot help a communication to being cut.

Recovery procedures, based on time-outs and logging.

Securing the databasesThe iSaSiLk toolbox (Univ. of Vienna)Written in JavaProvides cryptography primitives (possibility to implement SSL sockets)Provides authentication primitivesProvides certificate managementFree for use for academic partners(not free for industry)

Transactions in the InternetTransactions are a very common tool in databasesThey provide isolation of concurrent activitiesThey are fault tolerant processesThey have been extensively studied in distributed environment

ButThey lack security and scalability in the Internet

Example in Electronic Commerce

Internet

Example in Electronic Commerce

Internet

I want...

Example in Electronic Commerce

Internet

the same shirt asSandra Bullock's in"The Net", and...

Example in Electronic Commerce

Internet

the same hat asIngrid Bergman'sin "Casablanca"!

Example in Electronic Commerce

Internet

Example in Electronic Commerce

Internet

ACID AtomicityConsistencyIsolationDurability

Example in Electronic Commerce

Internet

ACID AtomicityConsistencyIsolationDurability

Secure ConfidentialtyAuthenticationNon-Repudiation

Example in Atomic File Transfer Protocol

Internet

Sofware update

Server A

Server B

System administrator

Example in Atomic File Transfer Protocol

Internet

Server A

Server B

System administrator

Example in Atomic File Transfer Protocol

Internet

Server A

Server B

System administrator

Example in Atomic File Transfer Protocol

Internet

Server A

Server B

Installation application

Example in Internet Aided Manufacturing

Internet

New extension card for PC

Example in Internet Aided Manufacturing

Internet

New extension card for PC

Printed circuit manufacturer

Example in Internet Aided Manufacturing

Internet

New extension card for PC

Printed circuit manufacturer

Electronic component supplier

Example in Internet Aided Manufacturing

Internet

New extension card for PC

Printed circuit manufacturer

Electronic component supplier

Example in Internet Aided Manufacturing

Internet

Integrator

Towards workflows

Transactions in the Internet

Transaction Internet Protocol (TIP)Corba OTS (Object Transaction Service)X/Open DTP (Distributed Transaction Processing)

Related work on transactions:

Workflows on the InternetA workflow business process:

procedures

Workflows on the Internet

Process (separation of business logic from function logic)Organization (who is doing what)Infrastructure (what has to be done manually, with computer, ...)

3 levels in a workflow:

Workflows on the InternetFlowmarkFlowmanInConcertStaffwareViewStar...

Resume of part 1We know how to modelize and represent a databaseWe know how to query the database and visualize the resultsWe are aware of security and fault-tolerance problems