
CDSA

CDSA is an Open Source security architecture adopted as a technical standard by the Open Group (http://www.opengroup.org/security/cdsa.htm). Apple has developed its own Open Source implementation of CDSA, available as part of Darwin at http://developer.apple.com/darwin/projects/security/. The core of CDSA is CSSM (Common Security Services Manager), a set of Open Source code modules that implement a public application programming interface called the CSSM API. CSSM provides APIs for cryptographic services (such as creation of cryptographic keys, encryption and decryption of data), certificate services (such as creation of digital certificates, reading and evaluation of digital certificates), secure storage of data, and other security services (see “Apple CDSA Plug-ins” for a more complete list).

CSSM also defines an interface for plug-ins that implement security services for a particular operating system and hardware environment. The implementation on a given platform can optionally supply a middleware layer that provides an operating-system-specific API for applications. Whether such a layer is present or not, applications can call the CSSM API directly.

Mac OS X implements nearly all the standard features of CSSM, plus a set of middleware security services to provide a Mac OS X-standard interface for application programmers. In addition, to enhance the security of the most sensitive operations, the Mac OS X implementation runs a Security Server daemon as a separate process. The Security Server daemon launches another process, the Security Agent, which serves as the user interface for Security Server.

Figure 1-2 illustrates the Mac OS X implementation of CDSA. The CDSA standard defines a four-layer architecture, with the top layer being the applications that use the CDSA security features. Figure 1-2 shows the first three layers: the CDSA plug-ins, CSSM, and the Mac OS X security APIs, which constitute the middleware layer referred to in the specification. The Mac OS X Authorization Services API, the Security Server daemon, and the Security Agent shown in the figure are technically outside of CDSA, but they are shown here for completeness because they constitute an integral part of the Mac OS X security architecture.


Figure 1-2  Mac OS X implementation of CDSA


Security contexts (see Figure 1-2) are data structures used by CSSM to assist applications in managing the many parameters used in security operations. The CSSM managers implement the standard CSSM API. (A fifth manager defined in the CDSA standard, called the Authorization Computation Services Manager, is not implemented in Mac OS X. Instead of using a CSSM API, Mac OS X Authorization Services calls the Security Server daemon directly.)

The CDSA plug-ins shown in Figure 1-2 are those provided as part of Mac OS X. The CDSA specification allows any number of plug-ins. As long as a plug-in follows the rules for interfacing with the CSSM managers, it can implement any portion of the CDSA feature set, including a combination of features associated with two or more of the CSSM managers. (See “AppleCSP/DL Module” for an example of a multiservice CDSA plug-in.) The CDSA specification even allows for the expansion of CDSA by the addition of elective module managers and associated plug-ins. Plug-ins can call each other as well as being called by the CSSM managers—in fact, it is common for them to do so.

For an introduction to CDSA, see CDSA Explained, second edition, from the Open Group. The CDSA/CSSM technical standard is Common Security: CDSA and CSSM, version 2 (with corrigenda), also from the Open Group.

As long as you use the Mac OS X security APIs, you don’t have to worry about the details of the Mac OS X CDSA implementation. However, because a call to the CSSM API allows you to specify the plug-in module to which you want to direct your request, if you want to call CSSM directly you should have some understanding of the Mac OS X CDSA plug-ins.





Last updated: 2008-02-08




Copyright © 2007 Apple Inc.
All rights reserved.