Common Data Security Architecture
Background
Intel Architecture Labs (IAL) defined the Common Data Security Architecture (CDSA) to:
- Address the data security problems inherent to Internet and Intranet applications
- Encourage open, interoperable, horizontal security standards
- Allow for potential use in Intel Internet products, such as Intel Internet Phone and the Intel LANDesk® product family
The CDSA Specification was published for public review in January 1996.
Intel believes this technology is valuable to the computing industry, and in the spirit of past initiatives (such as the Telephony API (TAPI), the Windows* Socket Protocol (WinSock2*), and the Universal Serial Bus (USB)), IAL makes the CDSA specification openly available. IAL also makes a beta reference implementation of this specification available for use and review by the industry at large.
This block diagram shows how application developers and security toolkit developers can use this implementation. The Common Security Services Manager (CSSM) is the central infrastructure component in CDSA. Applications call through the CSSM security API to use the underlying security services. Modules and libraries that provide security services, such as cryptography and certificate management, plug in to the bottom of CSSM.
To use CSSM, an application developer needs an implementation of the CSSM core and all security service modules (like cryptography, certificate management, and certificate storage) that are required by the application’s security needs. The beta reference implementation provided here includes the CSSM core and default add-in modules for cryptography, certificate services, trust evaluation and certificate storage. An application developer can choose to use these default libraries or develop new ones to fit the needs of the application.
Intended Audience
The intended audience for this CSSM implementation is software developers who can use the beta implementation to provide security services in their applications. CSSM is designed for easy use by the application-knowledgeable C and C++ developer who wants to provide security within and through their applications, without having to study cryptography in depth. The technology provides a high level of abstraction to security services and manages the low-level security details for the application developer.
We request feedback from the software developer community. We specifically request comments on:
- Sufficiency of the CSSM-defined API for securing Internet and Intranet applications
- Degree of extensibility provided by the API
- Supportability of the service provider interface for add-in security modules
Support for developers (implementing applications and add-in security modules) and end-users (executing Intel’s sample applications) is provided through other electronic mail addresses and telephone support. These software-support contact points are clearly documented with all downloaded software.
Please send general comments and questions to cdsa@ibeam.intel.com