ISO/IEC 10032:1995

INTERNATIONAL ISO/IEC
STANDARD
First edition
1995-05-I 5
Information technology - Reference
Model of Data Management
Technologies de I’informa Con - Mod&/e de rbf&ence pour la gestion de
don&es
Reference number
ISO/lEC 10032:1995(E)
Contents Page
ix
Foreword .
Introduction . x
................................................ 1
1 Scope
2 Definitions . 1
3 Svmbols and abbreviations .
c
Symbols . 5
3.1
3.2 Abbreviations .
4 Data Management Requirements . 7
4.1 Purpose .
4.2 Information systems .
............. 8
4.2.1 Context of Data Management in an Information System
4.3 Database and schema . 9
.................................... 9
4.4 Data Modelling Facility
4.5 Data independence . 10
4.6 Data management services . 10
................................. 10
4.7 Processors and interfaces
4.8 Access control . 10
4.8.1 Definition and modification of access control privileges .
4.8.2 Enforcement of access control . 11
(CJ ISO/IEC 1995
AI1 rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized
in any form or by any means, electronic or mechanical, including photocopying and microfilm, without
permission in writing from the publisher.
ISO/IEC Copyright Office Case postale 56 CH-1211 Geneve 20 Switzerland
Printed in Switzerland
ii
@ ISO/IEC
......................... 11
4.8.3 Security external to data management
............. 11
4.9 Operational requirements to support data management
......................... 12
4.9.1 Information systems life cycle support
............
4.9.2 Configuration management, version control and variants
4.9.3 Concurrentprocessing. .
........................... 13
4.9.4 Database transaction management
.................................. 13
4.9.5 Performance engineering
....................................... 13
4.9.6 Referencing data.
........................... 14
Extensible Data Modelling Facility
4.9.7
....... 14
4.9.8 Support for different Data Modelling Facilities at user interface
Audittrails .
4.9.9
4.9.10 Recovery .
................................. 14
Logical data restructuring
4.9.11
.............................. 14
4.9.12 Physical storage reorganization
4.10 Additional operational requirements to support data management in a
.............................. 14
distributed information system
...................................... 15
4.10.1 Distribution control
........................... 16
4.10.2 Database transaction management
........................................ 16
4.10.3 Communications
......................................... 17
4.10.4 Export/import
.................................
4.10.5 Distribution independence
....................................... 17
System autonomy
4.10.6
........................... 17
4.10.7 Recovery of a distributed database
...................................... 17
Dictionary systems
4.11
................ 18
Concepts for data level pairs and related processes
5.1 Purpose .
...
@ ISO/IEC
5.2 Levelpairs .
................................... 18
Interlocking level pairs
5.2.1
................................ 19
5.2.2 Recursiveuseoflevelpairs
..................................
Operations on level pairs
5.2.3
............. 21
5.3 Dependence of level pairs on a Data Modelling Facility
......................... 21
5.3.1 Level pairs and data structuring rules
....................... 21
5.3.2 Level pairs and data manipulation rules
.......................... 21
5.4 Level pairs and associated processes
...............................
5.5 Access control for level pairs
..................................... 24
5.6 Schemamodification
.....................................
6 Architectural model
6.1 Purpose .
......................................
62 . Modelling concepts
...................
6.2.1 Characteristics of Reference Model processors
.....................................
6.2.2 Levels of abstraction
................................... 26
Notation for processors
6.2.3
........................
6.3 The generic model of data management
............................... 27
6.3.1 Generic Database Controller
.........................................
6.3.2 User Processor
..............................................
6.3.3 User.
..............
64 . Specialization of the model in different environments
.................................... 29
6.5 Database environment
.............................. 3 1
66 . Distributed data management
Distribution Controller .
6.6.1
...................
6.6.2 Role of Distribution Controller and level pairs
iv
@ ISO/lEC
.................................... 32
6.7 Export/Import model
......................... 33
6.8 Access Control for Data Management
Objectives and principles for data management standardization . 0 . . e . . 34
7.1 Purpose .
7.2 Technical objectives associated with data management standardization * . . 35
..........................
7.2.1 Support for all distributed scenarios 35
................................... 36
7.2.2 Location independence
.................. 36
7.2.3 Standardized database transaction management
............................. 36
7.2.4 Export and import of databases
.......................... 37
Reduced complexity of handling data
7.2.5
.................... 37
7.2.6 Overall performance in distributed scenarios
...................................... 37
7.2.7 Data independence
.................................... 37
7.2.8 Application portability
...........................
7.2.9 Extensible Data Modelling Facility 37
......................... 38
7.2.10 Flexible presentation of data to users
...............................
Means of achieving objectives 38
7.3
................... 38
7.3.1 Same data modelling facility for each level pair
Same interchange mechanism for all level pairs . 39
7.3.2
....................... 39
7.3.3 Same processors usable for all level pairs
............. 39
7.3.4 Standardized services at Database Controller interface
....................... 39
7.3.5 Standardized approach to access control
7.3.6 Standardized representation of data needed to facilitate interoperability
................................................... 39
................................ 40
7.3.7 Support data fragmentation
.....................
Separation of logical and physical structures 40
7.3.8
........................... 40
7.3.9 Access to schema during execution

ISO/IEC @ Iso/Ec
10032:1995(E)
7.3.10 User data modelling facility different from interchange data modelling facility
...................................................
........................ 41
7.4 Aspects of data management standards
...................... 41
Categories of data management standard
7.4.1
................ 41
7.4.2 Role of a data modelling facility in standardization
.................................... 42
Standardization styles
7.4.3
Annex A
(informative)
............................. 43
Related International Standards
Annex B
(informative)
Relationship of existing and developing database standards to the architecture
....................
of the Reference Model of Data Management
B.l Purpose .
..................................... 44
B.2 Database Languages
8.2.2 NDL .
..................
B.3 Information Resource Dictionary System, IRDS
IRDSFramework .
B.3.1
..................................
B.3.2 IRDS Services Interface
.............................. 49
B.4 Remote Database Access, RDA
B.5 Export/Import. .
..............................
5 1
B.6 Candidates for standardization
Annex C
(informative)
Index of terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
vi
@ ISO/IEC
Figures
..... 8
Figure 1 - Position of Data Management System within an Information System
.....................................
Figure 2 - Level pair construct
....................................
Figure 3 - Interlocking level pair
..........................
Figure 4 - Generalized interlocking level pairs
.............................. 22
Figure 5 - Creation of an empty database
.............................
Figure 6 - Binding and data manipulation
................................
Figure 7 - Example processor diagram
.......................
Figure 8 - The generic model of data management
.................... 29
Figure 9 - Example of access to a database environment
............... 30
Figure 10 - Example of access to many database environments
..............................
3 1
Figure 11 - Distributed data management
...............................
Figure 12 - The model of export/import
....................
Figure 13 - Access control in a distributed environment
........... 45
Figure B.l - Generic model of data management specialized for SQL
........ 46
Figure B.2 - Model of distributed data management specialized for SQL
......................
Figure B.3 - Position of an NDL Database Controller
..........
Figure B.4 - Generic model of data management specialized for IRDS
....
Figure B.5 - Model of distributed data management specialized for RDA SQL 50
........................ 50
Figure B.6 - Export/Import for an SQL database
............... 51
Figure B.7 - Position of RDA for distributed data management
Tables
...................... 44
Table B.l - Relation of terms: SQLRMDM clause 6
...................... 45
Table B.2 - Relation of terms: SQLRMDM clause 5
...........................
Table B.3 - Relation of terms: IRDSKMDM
..................... 48
Table B.4 - Relation of terms: IRDSRMDM clause 5
vii
Foreword
IS0 (the International Organization for Standardization) and IEC (International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of IS0 or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. IS0 and IEC technical committees collaborate in fields of mutual interest.
Other international organizations, governmental and non-governmental, in liaison with IS0 and
IEC, also take part in the work.
In the field of information technology, IS0 and IEC have established a joint technical
committee, ISO/IEC JTC 1. Draft International Standards adopted by the joint technical
committee are circulated to the national bodies for voting. Publication as an International
Standard requires approval by at least 75% of the member bodies casting a vote.
International Standard ISOKEC 10032 was prepared by Joint Technical Committee JTC 1,
Information Technology, Subcommittee 21, qen systems interconnection, data management
and open distributed processing.
Annexes A, B and C of this International Standard are for information only.
. . .
Vlll
ISO/IEC 10032: 1995(E)
@ ISO/IEC
Introduction
ISO, in specifying a Reference Model of Data Management, recognizes that there are many
implementors of data management systems. It is inevitable that different implementors use
different terms to specify or refer to similar data management functions. Furthermore, the use
of the same term to describe different functions is also common. There is a clear need to
standardize the data management functions. This International Standard fulfils that role by
presenting a Reference Model of Data Management and defining the areas of this model which
lend themselves to standardization.
This International Standard defmes the Reference Model of Data Management. It provides a
common basis for the coordination of standards development for the purpose of data
management, while allowing existing and emerging standards to be placed into perspective.
The term “data management” includes the description, creation, modification, use and control
of data in information systems. Such data management functions may be performed as a
common service for information systems applications. Alternatively, each application may
define and control the data relevant to it. In the case in which data management functions are
performed as a common service, it is desirable to provide standardized facilities for data access
and control in order to permit the sharing of data by a number of users. Such standardization
requires the determination of a number of interfaces for which individual standards may be
developed.
Standard are to provide a framework allowing, within the
The objectives of this International
scope specified in clause 1, for the following:
a) identification of interfaces;
b) positioning all such interfaces relative to each other;
c) identification of facilities provided at each interface;
identification of the process which supports each interface where
appropriate, of the data required for such support
positioning the use of the interfaces in terms of an information systems life cycle;
associated with each appropriate
f) identification of the binding alternatives
identified interface.
There are three major objectives which are applied in this International Standard to data
management standardization. These are as follows:
a) Shareability of resources
b) Minimize cost of supporting an information system over its life cycle
c) Optimum use of standardization effort.

@ ISO/IEC
ISODEC 10032:1995(E)
The shareability of resources objective applies to both information resources as represented by
data in databases and to processor resources of the kind described in clause 6. There is
particular emphasis on the shareability of information resources located at different places and
All shareability of resources is subject to
developed using different hardware and software.
access control.
minimizing the cost of supporting an information system applies to all phases
The objective of
of the information system life cycle, including design, development, operation and maintenance
costs.
reducing the
The objective associated with the optimum use of standardization effort refers to
number of standards required to simplifying the content of such standards.
and
This International Standard identifies areas for developing or improving standards, and provides
a common framework for maintaining consistency of all related standards.
This International Standard provides a framework which allows teams of experts to work
productively and independently on the development of standards for different components of
information systems.
This International Standard has sufficient generality to accommodate the development of new
standards in response to advances in technology.
The description of the Reference Model of Data Management given in this International
Standard is presented as follows:
- Clause 4 introduces data management and the requirements on info rmation
systems;
Reference Model
- Clause 5 explains the data concepts that are required for the
and how they relate to
each other and the process concepts;
Clause 6 provides an architectural model within which different data and
processing components relevant to data management can be placed;
- Clause 7 describes the objectives principles for data management
standardization;
Annex A is a list of related International Standards;
- Annex B shows how the existing and future SC 21/WG3 standards relate to the
architectural model described in clause 6;
Annex C is an index of terms.
This International Standard specifies the classes of services that are expected to be provided by
data management, and it provides a framework which describes the way in which they are
related to each other. However, data management does not exist in isolation but within an
environment providing other services such as data storage and communication, as is described
in clause 4.
X
ISOIIEC 10032:1995(E)
@ ISO/IEC
Prior to completion of work on this International Standard, data management standards were
developed within ISO/IEC as indicated in annex A of this document. The positioning of such
International Standards using the Reference Model of Data Management is described in annex
B.
This page intentionally left blank

INTERNATIONAL STANDARD 0 ISODEC ISO/IEC 10032:1995(E)
Information technology - Reference Model of Data Management
1 Scope
This International Standard defmes the IS0 Reference Model of Data Management. It establishes a framework for
coordinating the development of existing and future standards for the management of persistent data in information systems.
See annex A for references to existing data management standards.
The International Standard defines common terminology and concepts pertinent to all data held within information systems.
Such concepts are used to defme more specifically the services provided by particular data management components, such
as database management systems or data dictionary systems. The definition of such related services identifies interfaces which
may be the subject of future standardization.
It is neither an implementation
This International Standard does not specify services and protocols for data management.
specification for systems, nor a basis for appraising the conformance of implementations.
The scope of this International Standard includes processes which are concerned with handling persistent data and their interaction
with processes particular to the requirements of a specific information system. This includes common data management services
and communicate applications and dictionary
such as those required to define, store, retrieve, update, maintain, backup, restore,
data.
The scope of this International Standard includes consideration of standards for the management of data located on one or more
computer systems, including services for distributed database management.
The International Standard does not include within its scope common services normally provided by an operating system
including those processes which are concerned with specific types of physical storage devices, specific techniques for storing
data, and specific details of communications and human computer interfaces.
A data management standard defmes services provided at an interface. It does not impose limitations on how processes are
implemented.
2 Definitions
The definitions provided in this clause aim to specify the most technical use of the terms in this International Standard. The
Some of the terms are defined in other
introduction to each term may be presented in a simpler informal description.
standards, but the following definitions are provided for use in the specific context of data management.
2.1 access control: The prevention of unauthorized use of a resource, including the prevention of use of a resource in
an unauthorized manner. For data management purposes, access control relates to the enabling of authorized

@ ISO/IEC
ISOKEC 10032:1995(E)
Access control determines the processes which a user
access to data and the prevention of unauthorized access.
may perform.
2.2 A collection of data associated with the definition or modification of access control
access control data:
privileges.
access control mechanism: A mechanism which may be used to enforce a security policy.
2.3
2.4 application: The data manipulation and processing operations that are related to specific requirements of an
information system.
2.5 application process: A process which is specific to the requirements of a particular information system.
A collection of application processes which utilizes the services provided by the
2.6 application system:
human-computer interface, communications hcility, and data management system to perform the processing
necessary to meet the requirements of the information system.
audit trail: A record of the activity taking place in an information system over a period of time.
2.7
2.8 authorization: A deftition of privileges for a specific user identifier.
binding: A process which involves relating a process to specific data definitions.
2.9
2.10 client: A role filled by a processor when it requests the services provided by another processor (i.e. a server).
2.11 client-server relationship: The relationship between a client and a server which is established at the moment that
a client asks for a service to be performed by a server.
2.12 communications linkage: A means for exchanging data between computer systems, or between a user and a
computer systems.
2.13 computer system: A collection of hardware which is managed as a single unit by software such as an operating
system which may also provide common services such as access control, inter-process communications, and a
graphical user interface.
2.14 configuration: A set of processes comprising an information system and the way in which the processes are
inter-related.
2.15 An activity of managing the configuration of an information system throughout it’s
configuration management:
lifecycle.
2.16 constraining rule: A rule which is part of a Data Modelling Facility and which controls the specification of the
constraints which may be expressed upon a collection of data.
2.17 constraint: A restriction on the values permitted for a given collection of data.
2.18 data content standard: A logical specification of a collection of data which is of sufficiently general applicability
to be of use in many application systems.
2.19 data definition: A description which determines the rules to which one or more collections of data instances must
conform.
ISO/IEC 10032: 1995(E)
@ ISO/IEC
&&a export: A data management service which retrieves a set of data from a database and creates a copy of that
2.20
data organised according to a data interchange format.
A data management service which inserts into a database a set of data organ&d according to a data
2.21 d&a import:
interchange format.
2.22 data independence: The independence of processes from data such that the data definition may be changed
without unnecessarily affecting the processes.
2.23 data integrity: Conformance of data values to a specified set of rules.
2.24 data interchange format: A set of data structuring rules that determine a for-n-rat for data to enable the export of
data from one data management system and its import by another data management system.
2.25 data interchange standard: A standard which defmes a set of data according to a set of data structuring rules
so that the set of data can be interchanged between one computer system and another.
2.26 data management: The activities of defining, creating, storing, maintaining and providing access to data and
associated processes in one or more information systems.
2.27 data management environment: An abstract conceptualization of the data and associated processing elements
involved in a computer system.
2.28 data management service: A service provided by a data management system.
2.29 data management session: A period of time during which a set of data management services are being used by
a client of a data management process.
2.30 data management system: A system which is concerned with the organization and control of data.
2.31 data manipulation process: A process the semantics of which are prescribed by the data manipulation rules of
a Data Modelling Facility.
data manipulation rule: A rule which either must be followed when specifying a process or else is automatically
2.32
followed by a data management system when a process is executed.
2.33 data modelling facility: Rules for defining a schema and the data manipulation rules for operating on data stored
in accordance with the schema.
2.34 data structuring rule: A rule specifying how a collection of data may be structured.
2.35 data type: A named, formal specification which governs the common static and dynamic properties of all
instances of that data type.
2.36 database: A collection of data stored according to a schema and manipulated according to the rules set out in one
Data Modelling Facility.
2.37 database controller: An abstract representation for the collection of services which conform to and implement
a Data Modelling Facility.
2.38 database environment: A database and its associated schema and database controller.

@ ISO/IEC
ISOlIEC 10032: 1995(E)
2.39 database language: A language with a formal syntax to be used for defining, creating, accessing and maintaining
databases.
2.40 database management: Creating, using and maintaining databases.
2.41 database management system (DBMS): A collection of integrated services which support database management
and together support and control the creation, use and maintenance of a database.
An information system containing information about an enterprise, its operations, activities,
2.42 dictionary system:
processes and data that are related to one or more application systems.
2.43 distributed database: A collection of data which is distributed across two or more database environments.
the data and associated processes of which are
2.44 distributed information system: An information system,
distributed across two or more database environments.
2.45 distribution data: The data which defines location, replication and fragmentation information about data objects
in a distributed database system.
2.46 fragmentation: A partitioning across more than one database environment of the data values for the instances
of one data type in a distributed database.
2.47 functional standard: A standard which consists of an assembly of other standards showing how they fit together.
A fragmentation where the partitions are formed from all data values for a subset of
2.48 horizontal fragmentation:
instances.
A system which organizes the storage and manipulation of information about a universe of
2.49 information system:
discourse.
2.50 interchange data modelling facility: A data modelling facility that supports the interchange of data between data
management systems.
2.51 interface standard: A standard which defines the services available at an interface to a process.
2.52 level pair: A modelling concept which groups a schema with its associated database. There are two adjacent data
levels. The upper level will always contain the definition of data stored on the lower level.
2.53 management domain: A domain encompassing a set of two or more information systems, any of which may be
distributed, which have been designed and constructed to interchange data and processes.
2.54 persistent data: Data which is retained in the information system for more than one data management session.
2.55 privilege: The authorization given to an identified user to allow the use of a particular data management service
to access specific data or processes.
2.56 process: A process is an active component of an information system.
2.57 processing linkage: A representation of a possible interaction between processors.

@ ISONEC
2.58 processor: A modelling concept that represents some combination of hardware and software that can provide
services either to one or more other processors or to a human user.
schema: A description of the content, structure, and constraints used to construct and maintain a database.
2.59
2.60 server: A role filled by a processor when it provides services to another processor.
or by a process to other processes.
2.61 service: A capability provided by a processor to other processors,
A defined set of services made available by a process or processor.
2.62 services interface:
2.63 session: A period of time during which a client may have many interactions with a server and both the client and
server maintain data about each other.
A data definition or set of data definitions prior to transformation to a schema.
2.64 source schema:
atomicity, consistency, isolation and
2.65 transaction: A set of related operations characterized by 6ur properties:
durability. A transaction is uniquely identified by a transaction identifier.
2.66 transient data: Data which is either flowing into and out of an information system, or, in the case of a distributed
system, between two computer systems.
2.67 user processor: A processor which provides services to a human user and which is a client (directly or indirectly)
of a database controller.
2.68 variant: A configuration of all or part of an information system which co-exists with another having a different
configuration but providing the same facilities.
2.69 version: A configuration of all or part of an information system at a specific point in time.
2.70 A fragmentation where the partitions are formed from the same type of data values for
vertical fragmentation:
all instances.
3 Symbols and abbreviations
The purpose of this clause is to identify the symbols and abbreviations used in this International Standard.
31 . Symbols
Persistent data
3.1.1
ff’;’
:.*.v
.?A%
.%*A
:.5v
.%V.’
.*.*.v
#*A-.
.%*A*
,%*A*
Database ,+:.{
::>.a
Database
Schema ::::::::
‘A%~.
‘.*A*#
::::::::
Name
Name ‘.*A-.
‘.%V.
iv.*.
‘.%V.
:::::g
‘.%V.
‘.*A*.
‘.%V.
$:::!
* ISO/IEC
The use of a symbol to indicate persistent data is intended to cover all kinds of media on which data can be recorded - either
fixed or removable. The name identifies the type of content recorded as persistent data.
m - -
3.1.2 Communications linkage
A communications linkage symbol is used in diagrams as a particular form of communication between computer systems.
3.1.3 Processing linkage
A processing linkage symbol is used in diagrams between a process and persistent data, or between processes, to indicate
data flow, as elaborated in 3.1.4.
3.1.4 Process class
A processing linkage at the left edge indicates input,
A process class symbol is used to indicate a data manipulation process.
at the right edge indicates output, and at the top indicates constraint.
:X?
$$
1 output
Input :.:., :::i :::i
Input
.:.
:y:
:::s
:::::
)’ ;7
1 It= :::::
2.:
::::
Constiaints
Input
LLI
3.1.5 Processor class
5%
@ ISO/IEC
3.1.6 Processor class with service interface
A symbol for a processor class with a service interface is used in diagrams with procesGng linkages to indicate those
interactions in which it participates as a client and those in which it participates as a server. Each processing linkage to a
server is connected to the shaded service interface.
3.1.7 Class names
A class of processor is referred to by a capitalized name whereas an instance thereof has only lower case letters.
Abbreviations
32 .
ACID the set of Atomicity, Consistency, Isolation and Durability properties
Database Management System
DBMS
IRDS Information Resource Dictionary System
NDL Network Database Language
OS1 Open Systems Interconnection
RDA Remote Database Access
Database Language SQL
SQL
4 Data Management Requirements
4.1 Purpose
The purpose of this clause is to describe the following:
a) relevant concepts of information systems,
b) aspects of information systems which place requirements on data management,
c) scope of data management.
4.2 Information systems
In order to function, an enterprise needs to collect, keep, and process information about its own operations, its external
environment, and its interaction with its environment. A system which handles these tasks for an enterprise is called an
information system. Each information system supports a set of organizational requirements, and an enterprise may have one
or many information systems to meet its total needs. An information system may be located on one computer system.
However, an information system may be spread across two or more computer systems. In the latter case, the information
system is classified in this standard as a distributed information system.
Data flows into and out of an information system, and these interactions may be with either persons or processes, including
other information systems. Many interactions may occur concurrently. Each interaction may require an approved
authorization.
This standard distinguishes two kinds of data referred to as transient data and persistent data. Transient data is either
flowing into and out of an information system, or, in the case of a distributed information system, between two computer
systems. Persistent data always has a representation which is retained in the information system over a period of time.
@ ISO/IEC
Data management is concerned with the organization and control of persistent data. A system which performs this function
is called a data management system.
4.2.1 Context of Data Management in an Information System
Figure 1 shows how a Data Management System is positioned relative to a Computer System and the parts of an Information
Communications Facilities, and the Human-Computer Interface.
System such as the Applications Processes,
For the purposes of this International Standard, a Computer System is a collection of hardware which is managed as a single
unit by software such as an operating system which may also provide common services such as inter-process communication
and a graphical user interface.
All parts of an information System may be distributed across two or more computer systems. Within a computer system there
may be a number of instances of any part of an Information System.
I
r / I
Information / Application I
System
I Process i
I
I
,
I
Database
i
* +----- Env&unent
j
L
r lgure 1 - Position of Data Management System within an Information System
Figure 1 shows the following:
a) The Data Management System provides services that manage a collection of Persistent Data.
@ ISO/IEC ISO/IEC 10032:1995(E)
b) The interface to human users is provided by the Human-Computer Interface.
c) The Application Process provides capabilities specific to the requirements of a particular Information System.
d) The interface to other Data Management Systems, Information Systems, and Computer Systems is provided
by Communications Facilities.
e) Services provided by the Human-Computer Interface may be used by the other parts of the Information System.
f) The Application Process may use services provided by the other parts of the Information System.
g) Each of the parts of an Information System may use services provided by the Computer System.
h) The combination of a Data Management System and Persistent Data is referred to as a Database Environment.
4.3 Database and schema
The persistent data in a database environment comprises a schema and its associated database. A schema is a collection of
data definitions which determine the content, structure and constraints used to construct and maintain a database. A database
is a collection of persistent data defined by a schema.
A data management system uses the data definitions in a schema to enable and manage access to data in the database defined
by the schema.
Data Modelling Facility
4.4
A schema is prepared according to a set of data structuring rules. Each set of data structuring rules may have an associated
set of data manipulation I&S which define the processes which may be performed on data structured according to the data
structuring rules.
The data structuring rules and data manipulation rules are together called a Data Modelling Facility.
It is important to distinguish between the rules inherent in a Data Modelling Facility which are used when preparing a schema
and the rules specific to an information system which are defined in a schema. The latter rules represent constraints which
are used by a data management system when populating a database conforming to the schema.
A Data Modelling Facility may be specified either in terms of the service provided at the service interface to a data
management system, or by a database language.
A database management system (DBMS) embodies a data management system and other processes which support the
development and use of a database.
A database language is used to define a schema according to data structuring rules and to define processes according to the
associated data manipulation rules.
Examples of three classes of Data Modelling Facility are relational, network, and hierarchical. The data structuring rules
for Data Modelling Facilities in different classes may be very similar, as for network and relational, but the associated data
manipulation facilities may be different.

@ ISO/IEC
4.5
Data independence
An objective of data management is data independence which makes it possible for additive changes, and possibly
modifications, to be made to the schema in an information system without having to make unnecessary changes to the already
existing application processes. This objective is normally achieved in three complementary ways.
The first is by binding the application process to a schema in such a way that the application process is aware of that
OdY
of the schema, namely the application schema, which is needed by the application process.
Pa*
The second is by ensuring that the application processes do not depend on the physical representation of the data.
The third way of improving data independence is by including as many of the constraints as possible in the schema rather
than in the application processes. The extent to which such constraints may be included in the schema depends on the ability
of the Data Modelling Facility to define the constraints that are used when defining the schema.
Data management services
4.6
Data management services are provided at the service interface of a data management system. These services support the
use of a data modelling facility (whether specified in terms of services or a database language) and all other facilities required
for managing persistent data.
Any process may request the use of a data management service available at a services interface. There is a requirement that
a services interface is independent of the way the service may be implemented by a data management system and the physical
representation of persistent data.
A sequence of requests from one process for data management services relating to one database environment constitutes a
data management sess ion.
Processors and interfaces
4.7
A data management process may be invoked by a user, data management processes or other processes. The processes will
be performed by processors, each of which will have an interface. The interface to the processor needs to be specified. Such
progr
interfaces may be dependent on the standard amming language used to specify the process using the interface.
At any interface, there will be factors of which the user (human or a process on behalf of a user) will need to be aware to
be able to use the underlying processor. These factors should be kept to a minimum to provide as much independence at an
interface as possible.
4.8 Access control
In any organizational context, there are particular requirements of access control that may be expressed in terms of a security
policy. A security policy determines what form of access each user of an information system requires, and an information
system must have appropriate access control mechanisms which may be used to enforce the security policy.
Within the scope of data management, the requirement is to be able to determine whether to allow any specific request for
a data management service to access specific data occurrences by an identified user which is either a person or a process.
Access control should be based on an appropriate combination of user identifier, process identifier and referenced data. An
access control privilege is assigned to a user to enable the user to perform specific processes on data under specific
conditions.
@ ISO/IEC ISO/IEC 10032:1995(E)
Access control requirements in a data management context can be divided into two categories. Firstly, it must be possible
to define and subsequently modify access control privileges. Secondly, it must be possible to enforce, at any time, the need
for access control privileges which are required at that place at that time.
4.8.1 Definition and modification of access control privileges
Facilities are required for the deftition of privileges, which includes their initial creation, modification, suspension, and
deletion. The process of allocating privileges to users is called authorization. There is a requirement to identify a global
authority who is required to define and modify other access control privileges in a data management environment.
Privileges may be defmed in terms of the identifier of the user, restrictions on the use of application processes, databases,
schemas, data, dates, times, locations and the period of validity of the privilege. Privileges may also be allocated using
combinations of the previously mentioned aspects.
Additional information may be required, such as the identifier of the user who authorized the privilege.
st be stored and in the same way
The data describing privileges is referred to as access control data. This data mu managed
as any other data within the scope of data management, including having access controls applied on itself.
4.8.2 Enforcement of access control
The decision to allow any particular access to data is based on the privileges of the user.
The enforcement of access control requires that users, and processes acting on behalf of users, be identifiable, and that the
the request is made.
authority to request a service which accesses certain data can be checked at the moment when
4.8.3 Security external to data management
scope of data management
The following aspects of security are related to the control of access to data, but are outside the
for the purpose of this International Standard:
a) authentication of user identification;
b) protection of stored data so that it may only be accessed by a data management system;
c) protection of communicated data so that it may only be accessed by a data management system;
action
...