Understanding Common Data Security Architecture


Mac OS X security services are built on the Common Data Security Architecture (CDSA), which provides cryptography, certificate management, trust policy management, and key recovery. This layered security infrastructure makes it easy for Apple, and for Mac OS X developers, to integrate leading-edge security features such as authentication and encryption into their applications.

By using CDSA, Apple builds on a well proven, flexible, extensible security architecture, which is in keeping with the open-source nature of the Darwin layer of Mac OS X. On top of it Apple builds user-friendly front-end applications, such as Disk Utility and Keychain Access, that help the average user take advantage of this cryptographic services toolkit. Everything in the Mac OS X security services that does cryptography does it through the CDSA application programming interfaces (APIs).

CDSA was originally developed by Intel, in cooperation with other leading companies including Hewlett-Packard, IBM, JP Morgan, Motorola, Netscape, Trusted Information Systems, and Shell Companies. Apple has also been a major contributor to the standard and has greatly extended the functionality of CDSA.

Add-in Modules

The CDSA architecture uses plug-ins, called add-in modules, to allow additional services to be supported. The different types of modules are Cryptographic Service Providers (CSPs), Data Library modules (DLs), Certificate Library modules (CLs), and Trust Policy modules (TPs). To support Pretty Good Privacy (PGP) certificates, for example, a developer could write CL and TP modules that know how to parse PGP certificates and apply the trust policies associated with them. The keychain itself is implemented as a combined CSP/DL module. These module types are described in more detail in the CDSA reference.

Layered Services

Layered Services is Apple's term for the convenience APIs built on top of the basic CDSA functionality. For example, most developers will at some point need to store a password securely, and the layered APIs let them do this with two calls: one to add the item to the keychain and one to retrieve it. Doing the same thing with direct calls to CDSA could take thousands of lines of code. Apple chose to make security easy for third-party (and internal) developers, since most are not security experts. Routing every application through the same layered APIs also gives the user a common experience, because all applications end up storing their secrets in the same keychain and handling them the same way.
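The following is an added example, not code from the book or from Apple, showing the two-call pattern described above using the Security framework's keychain APIs (SecKeychainAddGenericPassword and SecKeychainFindGenericPassword), which are layered services over CDSA. The service and account names are made-up values for the demo, and the program assumes it is built and run on Mac OS X with the Foundation and Security frameworks available. It also handles the case the two-line version usually misses: storing a password for a service/account pair that already has one, which the keychain rejects with errSecDuplicateItem rather than silently overwriting.

```objective-c
// Added example (not from the book): store and retrieve a password through the
// Security framework's layered keychain APIs, which sit on top of CDSA.
// Build on Mac OS X with:
//   clang -fobjc-arc -framework Foundation -framework Security -o keychain_demo keychain_demo.m
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#include <string.h>

// Service and account names are assumptions for this demo, not values from the book.
static NSString *const kService = @"com.example.keychain-demo";
static NSString *const kAccount = @"alice";

// Store a password for service/account in the user's default (login) keychain.
// If an item for that pair already exists, update its secret instead of failing.
static OSStatus storePassword(NSString *service, NSString *account, NSString *password)
{
    const char *svc  = [service UTF8String];
    const char *acct = [account UTF8String];
    const char *pw   = [password UTF8String];

    SecKeychainItemRef item = NULL;
    OSStatus status = SecKeychainAddGenericPassword(
        NULL,                          // NULL selects the default keychain
        (UInt32)strlen(svc), svc,
        (UInt32)strlen(acct), acct,
        (UInt32)strlen(pw), pw,
        &item);

    if (status == errSecDuplicateItem) {
        // The keychain refuses a second item with the same service/account.
        // Look the existing item up (without reading its secret) and replace its data.
        status = SecKeychainFindGenericPassword(
            NULL,
            (UInt32)strlen(svc), svc,
            (UInt32)strlen(acct), acct,
            NULL, NULL,                // we only need the item reference here
            &item);
        if (status == errSecSuccess) {
            status = SecKeychainItemModifyAttributesAndData(
                item, NULL, (UInt32)strlen(pw), pw);
        }
    }
    if (item) CFRelease(item);
    return status;
}

// Retrieve the password for service/account. Returns nil on any failure and
// reports the OSStatus (for example errSecItemNotFound) through outStatus.
static NSString *fetchPassword(NSString *service, NSString *account, OSStatus *outStatus)
{
    const char *svc  = [service UTF8String];
    const char *acct = [account UTF8String];

    UInt32 length = 0;
    void *data = NULL;
    OSStatus status = SecKeychainFindGenericPassword(
        NULL,
        (UInt32)strlen(svc), svc,
        (UInt32)strlen(acct), acct,
        &length, &data,
        NULL);
    if (outStatus) *outStatus = status;
    if (status != errSecSuccess) return nil;

    NSString *password = [[NSString alloc] initWithBytes:data
                                                  length:length
                                                encoding:NSUTF8StringEncoding];
    // The framework allocated this buffer; it must be released with this call, not free().
    SecKeychainItemFreeContent(NULL, data);
    return password;
}

int main(void)
{
    OSStatus status;
    @autoreleasepool {
        status = storePassword(kService, kAccount, @"correct horse battery staple");
        if (status != errSecSuccess) {
            // Turn the numeric OSStatus into readable text for the log.
            CFStringRef msg = SecCopyErrorMessageString(status, NULL);
            NSLog(@"store failed: %d (%@)", (int)status, msg);
            if (msg) CFRelease(msg);
        }

        NSString *pw = fetchPassword(kService, kAccount, &status);
        if (pw) {
            NSLog(@"retrieved %lu-byte password for %@/%@",
                  (unsigned long)[pw length], kService, kAccount);
        } else {
            NSLog(@"fetch failed: %d", (int)status);
        }
    }
    return status == errSecSuccess ? 0 : 1;
}
```

Two practical notes. First, the keychain enforces an access control list per item: the application that created an item can read it back without interaction, but a different application asking for the same item triggers the familiar "wants to use your confidential information" dialog, which is exactly the common user experience the layered services provide. Second, these SecKeychain* calls are the Mac OS X-era API the book describes; later versions of the OS deprecate them in favour of the SecItemAdd and SecItemCopyMatching family, but the two-call shape (add, then find) is the same.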




Apple Training Series. Mac OS X System Administration Reference, Volume 1
ISBN: 032136984X
Year: 2005
Pages: 258
Authors: Schoun Regan
