| Patent application number | Description | Published |
|---|
| 20090077135 | FRAMEWORK FOR HANDLING BUSINESS TRANSACTIONS - Techniques are provided for freeing up resources before operations that change the resources have successfully completed. Resources are freed up by committing database transactions that perform portions of operations before the operations themselves have successfully completed. If the operations fail to complete successfully, then “compensation information” is used to remove the effects of the committed changes that were performed as part of the operation. Techniques are also provided for allowing database transactions to update values without retaining exclusive locks on those values. Operational constraints set forth conditions that must be satisfied before an update is allowed to proceed. If an attempt is made to update a particular value that has changes that may be undone, then the database server determines a plurality of “possible result values” for the particular value. If the possible result values satisfy the operational constraint conditions, then the update is allowed to proceed. | 03-19-2009 |
| 20090094291 | SUPPORT FOR COMPENSATION AWARE DATA TYPES IN RELATIONAL DATABASE SYSTEMS - Techniques are provided for extending a business transaction framework to support user-provided compensation logic for business transactions. The extensibility framework may be used to implement user-defined semantics for (a) validating concurrent updates to shared data and (b) performing compensating actions when an associated transaction is aborted. In one embodiment, the extensibility and the compensation are provided at the data-type level. User-provided logic also maintains summaries that include values that are externalized so that they may be referenced in user-provided operational constraints. | 04-09-2009 |
| 20090106701 | Interactive Complex Event Pattern Builder and Visualizer - Systems, methods, and other embodiments associated with complex event pattern building are described. One example method includes receiving, on a server-side, requests associated with user interactions with interactive menus. The method includes responding to the requests with commands that build a set of event-condition-action, data that describes an action to take in response to an occurrence of a complex event pattern. The example method may also include automatically converting the event-condition-action data into a programmatic construct that configures a complex event pattern engine to initiate the specified action in response to detecting an occurrence of the complex event pattern. | 04-23-2009 |
| 20090199273 | Row-level security with expression data type - Systems, methods, and other embodiments associated with row level security for a database table are described. One example method includes detecting an access statement seeking access to a row in a database table for which row level security is active. The method includes adding a predicate to the access statement. The predicate is based on an access control expression associated with the row. The access control expression depends on an instance of an expression data type associated with the row. The method includes populating an attribute of the predicate, and controlling access to the row based on a computed value for the predicate. | 08-06-2009 |
| 20090300002 | Proactive Information Security Management - A method and apparatus for proactive information security management is described. In one embodiment, for example, a computer-implemented method for controlling access to sensitive information, the method comprising: maintaining access constraint data that can be used to control access to the sensitive information, wherein the access constraint data includes match pattern data and apply pattern data; receiving a semantic query from a querier requesting access to the sensitive information; based on the match pattern data, determining whether the semantic query should be constrained according to the apply pattern data; where said semantic query should be constrained according to the apply pattern data, rewriting the semantic query according to the apply pattern data to produce a rewritten query; executing the rewritten query against a database that contains the sensitive information; and returning any results of executing the rewritten query. | 12-03-2009 |
| 20100169966 | Resource description framework security - Systems, methods, and other embodiments associated with resource description framework (RDF) security are described. One example method includes generating, based on sensitivity labels associated with the contents of a triple in an RDF record, a sensitivity label. The example method may also include comparing the sensitivity label to an access label associated with an entity requesting an action associated with the record to be performed. The example method may also include performing the action upon determining that the entity has sufficient permission to request the action. | 07-01-2010 |
| 20100268722 | Access control for graph data - Systems, methods, and other embodiments associated with access control for graph data at the instance-level are described. One example method includes accepting data access constraints that are expressed as match and apply pattern pairs to enforce security policies. A user query on graph data with a security policy restricts the returned data to data that the user is authorized to access. For this purpose, a user query that includes query selection criteria corresponding to one or more match pattern criteria based on the resource referenced in the query is rewritten to include security conditions specified in the associated apply pattern to restrict access to the graph data. | 10-21-2010 |
| 20110022636 | ENFORCING RESTRICTIONS FOR GRAPH DATA MANIPULATION OPERATIONS - Systems, methods, and other embodiments associated with data manipulation operation restriction enforcement on graph data are described. A statement specifying a data manipulation operation to modify graph data that will modify one or more triples in the graph data is received. One or more resources that the one or more triples describe is determined. Data constraints associated with the resources are accessed. The access constraints are evaluated on the graph data. The data manipulation operation is selectively restricted based, at least in part on, the evaluation of the access constraints. | 01-27-2011 |
| 20110055169 | LOGICAL CONFLICT DETECTION - Systems, methods, and other embodiments associated with detecting and avoiding logical conflicts between long duration transactions are described. One example method includes generating conflict keys for long transactions using conflict queries that operate on data being manipulated to return a conflict key to be associated with the transaction. The conflict keys may be used to detect or avoid logical conflicts that occur in long duration transactions running concurrently. | 03-03-2011 |
