ISO/IEC TR 10032:2003

TECHNICAL ISO/IEC
REPORT TR
First edition
2003-11-01
Information technology — Reference
Model of Data Management
Technologies de l'information — Modèle de référence pour la gestion
de données
Reference number
©
ISO/IEC 2003
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO/IEC 2003
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2003 — All rights reserved

Contents Page
Foreword. vi
Introduction . vii
1 Scope. 1
2 Terms and definitions. 1
3 Symbols and abbreviations . 7
3.1 Symbols . 7
3.1.1 Persistent data . 7
3.1.2 Communications linkage. 7
3.1.3 Processing linkage . 7
3.1.4 Process class . 7
3.1.5 Processor class. 8
3.1.6 Processor class with service interface. 8
3.1.7 Class names . 8
3.2 Abbreviations . 8
4 Data Management Requirements . 9
4.1 Purpose. 9
4.2 Information systems . 9
4.2.1 Context of Data Management in an Information System . 9
4.3 Database and schema . 10
4.4 Data Modelling Facility . 11
4.5 Data independence . 11
4.6 Data management services. 11
4.7 Processors and interfaces . 12
4.8 Access control . 12
4.8.1 Definition and modification of access control privileges . 12
4.8.2 Enforcement of access control . 12
4.8.3 Security external to data management . 13
4.9 Operational requirements to support data management. 13
4.9.1 Information systems life cycle support . 13
4.9.2 Configuration management, version control and variants. 14
4.9.3 Concurrent processing. 14
4.9.4 Database transaction management . 14
4.9.5 Performance engineering. 15
4.9.6 Referencing data . 15
4.9.7 Extensible Data Modelling Facility . 15
4.9.8 Support for different Data Modelling Facilities at user interface. 15
4.9.9 Audit trails. 15
4.9.10 Recovery . 15
4.9.11 Logical data restructuring. 15
4.9.12 Physical storage reorganization. 16
4.10 Additional operational requirements to support data management in a distributed
information system . 16
4.10.1 Distribution control. 17
4.10.2 Database transaction management . 18
4.10.3 Communications . 18
4.10.4 Export/import. 18
4.10.5 Distribution independence. 18
4.10.6 System autonomy . 18
4.10.7 Recovery of a distributed database . 18
4.11 Dictionary systems . 18
© ISO/IEC 2003 — All rights reserved iii

5 Concepts for data level pairs and related processes.19
5.1 Purpose .19
5.2 Level pairs.19
5.2.1 Interlocking level pairs .19
5.2.2 Recursive use of level pairs .20
5.2.3 Operations on level pairs .21
5.3 Dependence of level pairs on a Data Modelling Facility .21
5.3.1 Level pairs and data structuring rules .21
5.3.2 Level pairs and data manipulation rules.21
5.4 Level pairs and associated processes.22
5.5 Access control for level pairs .24
5.6 Schema modification .24
6 Architectural model.24
6.1 Purpose .24
6.2 Modelling concepts.24
6.2.1 Characteristics of Reference Model processors.25
6.2.2 Levels of abstraction .25
6.2.3 Notation for processors.25
6.3 The generic model of data management .26
6.3.1 Generic Database Controller.27
6.3.2 User Processor.27
6.3.3 User.28
6.4 Specialization of the model in different environments.28
6.5 Database environment.28
6.6 Distributed data management.29
6.6.1 Distribution Controller .31
6.6.2 Role of Distribution Controller and level pairs.31
6.7 Export/Import model .31
6.8 Access Control for Data Management .32
7 Objectives and principles for data management standardization .33
7.1 Purpose .33
7.2 Technical objectives associated with data management standardization.34
7.2.1 Support for all distributed scenarios .34
7.2.2 Location independence .34
7.2.3 Standardized database transaction management .35
7.2.4 Export and import of databases .35
7.2.5 Reduced complexity of handling data.36
7.2.6 Overall performance in distributed scenarios.36
7.2.7 Data independence.36
7.2.8 Application portability .36
7.2.9 Extensible Data Modelling Facility .36
7.2.10 Flexible presentation of data to users .36
7.3 Means of achieving objectives.36
7.3.1 Same data modelling facility for each level pair .37
7.3.2 Same interchange mechanism for all level pairs .37
7.3.3 Same processors usable for all level pairs .37
7.3.4 Standardized services at Database Controller interface.38
7.3.5 Standardized approach to access control.38
7.3.6 Standardized representation of data needed to facilitate interoperability.38
7.3.7 Support data fragmentation .38
7.3.8 Separation of logical and physical structures .38
7.3.9 Access to schema during execution.38
7.3.10 User data modelling facility different from interchange data modelling facility .39
7.4 Aspects of data management standards .39
7.4.1 Categories of data management standard .39
7.4.2 Role of a data modelling facility in standardization .40
7.4.3 Standardization styles .40
Annex A (informative) Related International Standards .41
iv © ISO/IEC 2003 — All rights reserved

Annex B (informative) Relationship of existing and developing database standards to the
architecture of the Reference Model of Data Management . 42

© ISO/IEC 2003 — All rights reserved v

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
In exceptional circumstances, the joint technical committee may propose the publication of a Technical Report
of one of the following types:
— type 1, when the required support cannot be obtained for the publication of an International Standard,
despite repeated efforts;
— type 2, when the subject is still under technical development or where for any other reason there is the
future but not immediate possibility of an agreement on an International Standard;
— type 3, when the joint technical committee has collected data of a different kind from that which is
normally published as an International Standard (“state of the art”, for example).
Technical Reports of types 1 and 2 are subject to review within three years of publication, to decide whether
they can be transformed into International Standards. Technical Reports of type 3 do not necessarily have to
be reviewed until the data they provide are considered to be no longer valid or useful.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC TR 10032, which is a Technical Report of type 3, was prepared by Joint Technical Committee
ISO/IEC JTC 1, Information technology, Subcommittee SC 32, Data management and interchange.
vi © ISO/IEC 2003 — All rights reserved

Introduction
ISO, in specifying a Reference Model of Data Management, recognizes that there are many implementors of
data management systems. It is inevitable that different implementors use different terms to specify or refer to
similar data management functions. Furthermore, the use of the same term to describe different functions is
also common. There is a clear need to standardize the data management functions. This Technical Report
fulfils that role by presenting a Reference Model of Data Management and defining the areas of this model
which lend themselves to standardization.
This Technical Report defines the Reference Model of Data Management. It provides a common basis for the
coordination of standards development for the purpose of data management, while allowing existing and
emerging standards to be placed into perspective.
The term “data management” includes the description, creation, modification, use and control of data in
information systems. Such data management functions may be performed as a common service for
information systems applications. Alternatively, each application may define and control the data relevant to it.
In the case in which data management functions are performed as a common service, it is desirable to provide
standardized facilities for data access and control in order to permit the sharing of data by a number of users.
Such standardization requires the determination of a number of interfaces for which individual standards may
be developed.
The objectives of this Technical Report are to provide a framework allowing, within the scope specified in
Clause 1, for the following:
a) identification of interfaces;
b) positioning all such interfaces relative to each other;
c) identification of facilities provided at each interface;
d) identification of the process which supports each interface and, where appropriate, of the data required
for such support;
e) positioning the use of the interfaces in terms of an information systems life cycle; and
f) identification of the binding alternatives associated with each appropriate identified interface.
There are three major objectives which are applied in this Technical Report to data management
standardization. These are as follows:
a) Shareability of resources;
b) Minimize cost of supporting an information system over its life cycle;
c) Optimum use of standardization effort.
The shareability of resources objective applies to both information resources as represented by data in
databases and to processor resources of the kind described in Clause 6. There is particular emphasis on the
shareability of information resources located at different places and developed using different hardware and
software. All shareability of resources is subject to access control.
The objective of minimizing the cost of supporting an information system applies to all phases of the
information system life cycle, including design, development, operation and maintenance costs.
© ISO/IEC 2003 — All rights reserved vii

The objective associated with the optimum use of standardization effort refers to reducing the number of
standards required and to simplifying the content of such standards.
This Technical Report identifies areas for developing or improving standards, and provides a common
framework for maintaining consistency of all related standards.
This Technical Report provides a framework which allows teams of experts to work productively and
independently on the development of standards for different components of information systems.
This Technical Report has sufficient generality to accommodate the development of new standards in
response to advances in technology.
The description of the Reference Model of Data Management given in this Technical Report is presented as
follows:
 Clause 4 introduces data management and the requirements based on information systems;
 Clause 5 explains the data concepts that are required for the Reference Model and how they relate to
each other and the process concepts;
 Clause 6 provides an architectural model within which different data and processing components relevant
to data management can be placed;
 Clause 7 describes the objectives and principles for data management standardization;
 Annex A is a list of related International Standards;
 Annex B shows how the existing and future SC 21/WG3 standards relate to the architectural model
described in Clause 6;
This Technical Report specifies the classes of services that are expected to be provided by data management,
and it provides a framework which describes the way in which they are related to each other. However, data
management does not exist in isolation but within an environment providing other services such as data
storage and communication, as is described in Clause 4.
Prior to completion of work on this Technical Report, data management standards were developed within
ISO/IEC as indicated in Annex A of this document. The positioning of such International Standards using this
Reference Model of Data Management is described in Annex B.

viii © ISO/IEC 2003 — All rights reserved

TECHNICAL REPORT ISO/IEC TR 10032:2003(E)

Information technology — Reference Model of Data
Management
1 Scope
This Technical Report defines the ISO Reference Model of Data Management. It establishes a framework for
coordinating the development of existing and future standards for the management of persistent data in
information systems. See Annex A for references to existing data management standards.
This Technical Report defines common terminology and concepts pertinent to all data held within information
systems. Such concepts are used to define more specifically the services provided by particular data
management components, such as database management systems or data dictionary systems. The definition
of such related services identifies interfaces which may be the subject of future standardization.
This Technical Report does not specify services and protocols for data management. This Technical Report is
neither an implementation specification for systems, nor a basis for appraising the conformance of
implementations.
The scope of this Technical Report includes processes which are concerned with handling persistent data and
their interaction with processes particular to the requirements of a specific information system. This includes
common data management services such as those required to define, store, retrieve, update, maintain,
backup, restore, and communicate applications and dictionary data.
The scope of this Technical Report includes consideration of standards for the management of data located
on one or more computer systems, including services for distributed database management.
This Technical Report does not include within its scope common services normally provided by an operating
system including those processes which are concerned with specific types of physical storage devices,
specific techniques for storing data, and specific details of communications and human computer interfaces.
A data management standard defines services provided at an interface. It does not impose limitations on how
processes are implemented.
2 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
The definitions provided in this clause aim to specify the most technical use of the terms in this Technical
Report. The introduction to each term may be presented in a simpler informal description. Some of the terms
are defined in other standards, but the following definitions are provided for use in the specific context of data
management.
2.1
access control
the prevention of unauthorized use of a resource, including the prevention of use of a resource in an
unauthorized manner. For data management purposes, access control relates to the enabling of authorized
access to data and the prevention of unauthorized access. Access control determines the processes which a
user may perform
© ISO/IEC 2003 — All rights reserved 1

2.2
access control data
a collection of data associated with the definition or modification of access control privileges
2.3
access control mechanism
a mechanism which may be used to enforce a security policy
2.4
application
the data manipulation and processing operations that are related to specific requirements of an information
system
2.5
application process
a process which is specific to the requirements of a particular information system
2.6
application system
a collection of application processes which utilizes the services provided by the human-computer interface,
communications facility, and data management system to perform the processing necessary to meet the
requirements of the information system
2.7
audit trail
a record of the activity taking place in an information system over a period of time
2.8
authorization
a definition of privileges for a specific user identifier
2.9
binding
a process which involves relating a process to specific data definitions
2.10
client
a role filled by a processor when it requests the services provided by another processor (i.e. a server)
2.11
client-server relationship
the relationship between a client and a server which is established at the moment that a client asks for a
service to be performed by a server
2.12
communications linkage
a means for exchanging data between computer systems, or between a user and computer systems
2.13
computer system
a collection of hardware which is managed as a single unit by software such as an operating system which
may also provide common services such as access control, interprocess communications, and a graphical
user interface
2.14
configuration
a set of processes comprising an information system and the way in which the processes are interrelated
2 © ISO/IEC 2003 — All rights reserved

2.15
configuration management
an activity of managing the configuration of an information system throughout its life cycle
2.16
constraining rule
a rule which is part of a Data Modelling Facility and which controls the specification of the constraints which
may be expressed upon a collection of data
2.17
constraint
a restriction on the values permitted for a given collection of data
2.18
data content standard
a logical specification of a collection of data which is of sufficiently general applicability to be of use in many
application systems
2.19
data definition
a description which determines the rules to which one or more collections of data instances must conform
2.20
data export
a data management service which retrieves a set of data from a database and creates a copy of that data
organized according to a data interchange format
2.21
data import
a data management service which inserts into a database a set of data organized according to a data
interchange format
2.22
data independence
the independence of processes from data such that the data definition may be changed without unnecessarily
affecting the processes
2.23
data integrity
conformance of data values to a specified set of rules
2.24
data interchange format
a set of data structuring rules that determine a format for data to enable the export of data from one data
management system and its import by another data management system
2.25
data interchange standard
a standard which defines a set of data according to a set of data structuring rules so that the set of data can
be interchanged between one computer system and another
2.26
data management
the activities of defining, creating, storing, maintaining and providing access to data and associated processes
in one or more information systems
2.27
data management environment
an abstract conceptualization of the data and associated processing elements involved in a computer system
© ISO/IEC 2003 — All rights reserved 3

2.28
data management service
a service provided by a data management system
2.29
data management session
a period of time during which a set of data management services are being used by a client of a data
management process
2.30
data management system
a system which is concerned with the organization and control of data
2.31
data manipulation process
a process the semantics of which are prescribed by the data manipulation rules of a Data Modelling Facility
2.32
data manipulation rule
a rule which either must be followed when specifying a process or else is automatically followed by a data
management system when a process is executed
2.33
data modelling facility
rules for defining a schema and the data manipulation rules for operating on data stored in accordance with
the schema
2.34
data structuring rule
a rule specifying how a collection of data may be structured
2.35
data type
a named, formal specification which governs the common static and dynamic properties of all instances of that
data type
2.36
database
a collection of data stored according to a schema and manipulated according to the rules set out in one Data
Modelling Facility
2.37
database controller
an abstract representation for the collection of services which conform to and implement a Data Modelling
Facility
2.38
database environment
a database and its associated schema and database controller
2.39
database language
a language with a formal syntax to be used for defining, creating, accessing and maintaining databases
2.40
database management
creating, using and maintaining databases
4 © ISO/IEC 2003 — All rights reserved

2.41
database management system
DBMS
a collection of integrated services which support database management and together support and control the
creation, use and maintenance of a database
2.42
dictionary system
an information system containing information about an enterprise, its operations, activities, processes and
data that are related to one or more application systems
2.43
distributed database
a collection of data which is distributed across two or more database environments
2.44
distributed information system
an information system, the data and associated processes of which are distributed across two or more
database environments
2.45
distribution data
the data which defines location, replication and fragmentation information about data objects in a distributed
database system
2.46
fragmentation
a partitioning across more than one database environment of the data values for the instances of one data
type in a distributed database
2.47
functional standard
a standard which consists of an assembly of other standards showing how they fit together
2.48
horizontal fragmentation
a fragmentation where the partitions are formed from all data values for a subset of instances
2.49
information system
a system which organizes the storage and manipulation of information about a universe of discourse
2.50
interchange data modelling facility
a data modelling facility that supports the interchange of data between data management systems
2.51
interface standard
a standard which defines the services available at an interface to a process
2.52
level pair
a modelling concept which groups a schema with its associated database. There are two adjacent data levels.
The upper level will always contain the definition of data stored on the lower level
2.53
management domain
a domain encompassing a set of two or more information systems, any of which may be distributed, which
have been designed and constructed to interchange data and processes
© ISO/IEC 2003 — All rights reserved 5

2.54
persistent data
data which is retained in the information system for more than one data management session
2.55
privilege
the authorization given to an identified user to allow the use of a particular data management service to
access specific data or processes
2.56
process
a process is an active component of an information system
2.57
processing linkage
a representation of a possible interaction between processors
2.58
processor
a modelling concept that represents some combination of hardware and software that can provide services
either to one or more other processors or to a human user
2.59
schema
a description of the content, structure, and constraints used to construct and maintain a database
2.60
server
role filled by a processor when it provides services to another processor
2.61
service
a capability provided by a processor to other processors, or by a process to other processes
2.62
services interface
a defined set of services made available by a process or processor
2.63
session
a period of time during which a client may have many interactions with a server and both the client and server
maintain data about each other
2.64
source schema
a data definition or set of data definitions prior to transformation to a schema
2.65
transaction
a set of related operations characterized by four properties: atomicity, consistency, isolation and durability. A
transaction is uniquely identified by a transaction identifier
2.66
transient data
data which is either flowing into and out of an information system, or, in the case of a distributed system,
between two computer systems
6 © ISO/IEC 2003 — All rights reserved

2.67
user processor
a processor which provides services to a human user and which is a client (directly or indirectly) of a database
controller
2.68
variant
a configuration of all or part of an information system which coexists with another having a different
configuration but providing the same facilities
2.69
version
a configuration of all or part of an information system at a specific point in time
2.70
vertical fragmentation
a fragmentation where the partitions are formed from the same type of data values for all instances
3 Symbols and abbreviations
The purpose of this clause is to identify the symbols and abbreviations used in this Technical Report.
3.1 Symbols
3.1.1 Persistent data
DataDataDatabababasesese
DaDaDatabtabtabaaasesese
ScScSchehehemamama
NaNaNamememe
NameNameName
3.1.2 Communications linkage
3.1.3 Processing linkage
3.1.4 Process class
A process class symbol is used to indicate a data manipulation process. A processing linkage at the left edge
indicates input, at the right edge indicates output, and at the top indicates constraint.
© ISO/IEC 2003 — All rights reserved 7

IIInnnpupuputtt OOOuuutttpupuputtt IIInnnpupuputtt OOOuuutttpupuputtt
CoCoConnnssstratratraiiinnntttsss
IIInnnpupuputtt OOOutututpppuuuttt

3.1.5 Processor class
3.1.6 Processor class with service interface

A symbol for a processor class with a service interface is used in diagrams with processing linkages to
indicate those interactions in which it participates as a client and those in which it participates as a server.
Each processing linkage to a server is connected to the shaded service interface.
3.1.7 Class names
A class of processor is referred to by a capitalized name whereas an instance thereof has only lower case
letters.
3.2 Abbreviations
ACID the set of Atomicity, Consistency, Isolation and Durability properties
DBMS Database Management System
IRDS Information Resource Dictionary System
NDL Network Database Language
OSI Open Systems Interconnection
RDA Remote Database Access
SQL Database Language SQL
8 © ISO/IEC 2003 — All rights reserved

4 Data Management Requirements
4.1 Purpose
The purpose of this clause is to describe the following:
a) relevant concepts of information systems,
b) aspects of information systems which place requirements on data management,
c) scope of data management.
4.2 Information systems
In order to function, an enterprise needs to collect, keep, and process information about its own operations, its
external environment, and its interaction with its environment. A system which handles these tasks for an
enterprise is called an information system. Each information system supports a set of organizational
requirements, and an enterprise may have one or many information systems to meet its total needs. An
information system may be located on one computer system. However, an information system may be spread
across two or more computer systems. In the latter case, the information system is classified in this report as
a distributed information system.
Data flows into and out of an information system, and these interactions may be with either persons or
processes, including other information systems. Many interactions may occur concurrently. Each interaction
may require an approved authorization.
This Technical Report distinguishes two kinds of data referred to as transient data and persistent data.
Transient data is either flowing into and out of an information system, or, in the case of a distributed
information system, between two computer systems. Persistent data always has a representation which is
retained in the information system over a period of time.
Data management is concerned with the organization and control of persistent data. A system which
performs this function is called a data management system.
4.2.1 Context of Data Management in an Information System
Figure 1 shows how a Data Management System is positioned relative to a Computer System and the parts of
an Information System such as the Applications Processes, Communications Facilities, and the Human-
Computer Interface.
For the purposes of this Technical Report, a Computer System is a collection of hardware which is managed
as a single unit by software such as an operating system which may also provide common services such as
interprocess communication and a graphical user interface.
All parts of an Information System may be distributed across two or more computer systems. Within a
computer system there may be a number of instances of any part of an Information System.
© ISO/IEC 2003 — All rights reserved 9

InInffoormrmationation
AppAppApplicliclicaaationtiontion
ProProProccceeessssss
SySyststemem
HumHumHumaaannn--- CoCoCommummummuninini---
CoCoCommmpppuuutttererer cacacatttiiiooonnnsss
InInInteteterfarfarfacecece FaFaFaccciiilitielitielitiesss
DaDaDatatata
MaMaManananagegegemmmeeentntnt
SySySysssttteeemmm
CoCommppuutteerr
PePePersistersistersistentntnt DaDatabtabaasese
DaDaDatatata EEnnvivirroonmnmenentt
SysteSystemm
Figure 1 — Position of Data Management System within an Information System
Figure 1 shows the following:
a) The Data Management System provides services that manage a collection of Persistent Data.
b) The interface to human users is provided by the Human-Computer Interface.
c) The Application Process provides capabilities specific to the requirements of a particular Information
System.
d) The interface to other Data Management Systems, Information Systems, and Computer Systems is
provided by Communications Facilities.
e) Services provided by the Human-Computer Interface may be used by the other parts of the Information
System.
f) The Application Process may use services provided by the other parts of the Information System.
g) Each of the parts of
...