Common Security: CDSA and CSSM, Version 2 (with corrigenda)
Copyright © 2000 The Open Group

Frontmatter


Technical Standard
Common Security: CDSA and CSSM, Version 2 (with corrigenda)
Document Number: C914
ISBN: 1-85912-202-7


©May 2000, The Open Group All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the copyright owners.


Any comments relating to the material contained in this document may be submitted to The Open Group at:

The Open Group
Apex Plaza
Forbury Road
Reading
Berkshire, RG1 1AX
United Kingdom
or by electronic mail to:
OGSpecs@opengroup.org

Preface

The Open Group

The Open Group is a vendor and technology-neutral consortium which ensures that multi-vendor information technology matches the demands and needs of customers. It develops and deploys frameworks, policies, best practices, standards, and conformance programs to pursue its vision: the concept of making all technology as open and accessible as using a telephone.

The mission of The Open Group is to deliver assurance of conformance to open systems standards through the testing and certification of suppliers' products.

The Open group is committed to delivering greater business efficiency and lowering the cost and risks associated with integrating new technology across the enterprise by bringing together buyers and suppliers of information systems.

Membership of The Open Group is distributed across the world, and it includes some of the world's largest IT buyers and vendors representing both government and commercial enterprises.

More information is available on The Open Group Web Site at http://www.opengroup.org.

Open Group Publications

The Open Group publishes a wide range of technical documentation, the main part of which is focused on development of Technical and Product Standards and Guides, but which also includes white papers, technical studies, branding and testing documentation, and business titles. Full details and a catalog are available on The Open Group Web Site at http://www.opengroup.org/pubs.

In addition, The Open Group publishes Product Documentation. This includes product documentation-programmer's guides, user manuals, and so on-relating to the DCE, Motif, and CDE. It also includes the Single UNIX Documentation, designed for use as common product documentation for the whole industry.

Versions and Issues of Specifications

As with all live documents, Technical Standards and Specifications require revision to align with new developments and associated international standards. To distinguish between revised specifications which are fully backwards compatible and those which are not:

Corrigenda

Readers should note that Corrigenda may apply to any publication. Corrigenda information is published on The Open Group Web Site at http://www.opengroup.org/corrigenda.

Ordering Information

Full catalog and ordering information on all Open Group publications is available on The Open Group Web Site at http://www.opengroup.org/pubs.

This Document
This CDSA Version 2 with corrigenda Technical Standard C914, May 2000, supersedes the November 1999 CDSA Version 2 Standard (C902). The launch by Intel in May 2000 of their implementation of CDSA as "Open Source" is intended to match C914.

The changes from C902 comprise corrections collected in a Corridendum, following extensive implementation experience since C902 was published in November 1999, plus an extensive restructuring of the complete document to eliminate unnecessary duplication of definitions and description.

The Common Data Security Architecture (CDSA) is a set of layered security services that provide the infrastructure for scalable, extensible and interoperable security solutions. It provides complete flexibility through the use of plug-in security modules that use common Application Programming Interfaces (APIs). The CDSA provides all the essential components of security capability, and enables implementers and application writers to gear their security solutions to their business needs.

History
The following summary provides a chronological history of the development of CDSA specifications since December 1997. It is intended for clarification purposes, in recognition that there is possibility of confusion over past version numbering assigned to previously-released CDSA documents and related software.

Any CDSA specifications released prior to December 1977 pre-date The Open Group's involvement.

Trademarks

Motif®, OSF/1®, UNIX®, and the "X Device" are registered trademarks and IT DialToneTM; and The Open GroupTM; are trademarks of The Open Group in the U.S. and other countries.

Other product and corporate names may be trademarks of other companies and are used only for explanation and to the owner's benefit, without intent to infringe.

Acknowledgements

The Open Group gratefully acknowledges the co-operative effort of participating industry leaders, led by Intel Architecture Labs., on this Common Data Security Architecture (CDSA) specification. This work was initiated by Intel Architecture Labs., and led to the development of CDSA and CSSM, having attained the support and participation of organizations such as Apple, Entrust, Hewlett-Packard, IBM, Motorola, Netscape, Sun, and Trusted Information Systems, together with the many member organizations of the PKI (Public Key Infrastructure) Task Group, who met regularly under the auspices of The Open Group.

The Open Group particularly acknowledges the detailed work contributed by Apple Computer Corporation, Intel Architecture Labs. and the IBM Corporation, to the development of the CDSA Version 2 Technical Standard, and to the ongoing work contributed by Apple Computer Corporation and Intel Architecture Labs in the development of this CDSA Version 2 with corrigenda Technical Standard.

Referenced Documents

The following documents are referenced in this Technical Standard:

ASN.1

ITU-T Recommendation X.200: Abstract Syntax Notation One (ASN.1).

BER

ITU-T Recommendation X.209: Basic Encoding Rules for Abstract Syntax Notation One (ASN.1).

BSAFE

BSAFE Cryptographic Toolkit, RSA Data Security, Inc., Redwood City, CA.

Cryptography

Applied Cryptography, Second Edition, Protocols, Algorithms, and Source Code in C, Bruce Schneier: John Wiley & Sons, Inc., 1996.

Cryptography Usage

Handbook of Applied Cryptography, Menezes, A., Van Oorschot, P., and Vanstone, S., CRC Press, Inc., 1997.

DER

ITU-T Recommendation X.690: Distinguished Encoding Rules.

DSA

Federal Information Procurement Standard (FIPS) 186, Digital Signature Standard.

Key Escrow

A Taxonomy for Key Escrow Encryption Systems, Denning, Dorothy E., and Branstad, Dennis, Communications of the ACM, Vol 39, No. 3, March 1996.

OIW

Stable Implementation Agreements, Open Systems Environment Implementors Workshop, June 1995.

PKCS

The Public-Key Cryptography Standards, RSA Laboratories, RSA Data Security, Inc., Redwood City, CA.

PKCS #1

RSA Encryption Standard, RSA Data Security, Inc., October 1, 1998, Version 2.0.

PKCS #3

Diffie-Hellman Key-Agreement Standard, RSA Data Security, Inc., November 1, 1993, Version 1.4.

PKCS #7

Cryptographic Message Syntax, RSA Data Security, Inc., November 1, 1993, Version 1.5.

PKCS #8

Private-Key Information Syntax Standard, RSA Data Security, Inc., November 1, 1993, Version 1.2.

PKIX

Public Key Infrastructure Certificate Management Protocols, IETF PKIX Working Group, 1996

SDSI

SDSI: A Simple Distributed Security Infrastructure, R. Rivest and B. Lampson, 1996.

SHA

Federal Information Procurement Standard (FIPS) 180, Secure Hash Algorithm.

SPKI

Simple Public Key Infrastructure, Internet Draft: draft-ietf-spki-cert-structure-03.txt

X.509

ITU-T Recommendation X.509: The Directory-Authentication Framework, 1988.

License Agreement for CDSA Specifications

THIS LICENSE AGREEMENT IS IN RESPECT OF THE COMPILATION OF 15 SPECIFICATIONS RELATING TO COMMON DATA SECURITY ARCHITECTURE "(CDSA)" AND COMMON SECURITY SERVICES MANAGER "(CSSM)", PUBLISHED TOGETHER BY THE OPEN GROUP UNDER THE TITLE "COMMON SECURITY: CDSA AND CSSM, Version 2", DOCUMENT NUMBER C902, ISBN 1-85912-236-1 ("THE SPECIFICATION").

YOU CANNOT USE THIS SPECIFICATION ("THE SPECIFICATION") FOR SOFTWARE DEVELOPMENT UNTIL YOU HAVE CAREFULLY READ AND AGREED TO THE FOLLOWING TERMS AND CONDITIONS. THE PERSON WHO ORIGINALLY ACQUIRED THIS PUBLICATION THROUGH THE WORLD-WIDE WEB OR AS HARD COPY EXPLICITLY AGREED TO THESE TERMS AND CONDITIONS. AS THE READER OF THIS DOCUMENT YOU ARE BOUND BY THE SAME TERMS. THE TERMS OF THIS LICENSE AGREEMENT ALSO APPLY TO REVISIONS OF THIS SPECIFICATION MADE AVAILABLE TO YOU BY THE OPEN GROUP.

LICENSE: The Open Group grants you a non-exclusive copyright license to read and display the Specification, and to use the Specification to develop and distribute a conformant software implementation of the Specification on the terms set out in this Agreement. For the avoidance of doubt, this License does not authorize you to edit, republish or distribute the Specification or create any derivative work therefrom.

CONFORMANCE: A software implementation must be and remain a complete and conformant implementation of the CSSM. A conforming implementation of CSSM provides and supports all the application programming interfaces and service provider interfaces defined in the Specification, and for each elective module the implementation must provide and support all the application programming interfaces and service provider interfaces for that module. A software implementation of CSSM may be tested for conformance using the CDSA Conformance Test Suite ("the Test Suite"), available from The Open Group web site. You are not permitted to use the Test Suite for any other purpose, nor to disclose or make any claim that any product has "passed" the Test Suite test. You can not make any claims that your software product conforms to CDSA or CSSM or the Specification unless such product is registered under the Open Brand program.

LIABILITY: THE SPECIFICATION AND ANY OTHER MATERIALS PROVIDED BY THE OPEN GROUP UNDER THIS AGREEMENT ARE PROVIDED "AS IS", AND THE OPEN GROUP MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AND EXPRESSLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS AND FITNESS FOR A PARTICULAR PURPOSE.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE OPEN GROUP HEREBY EXCLUDES ALL LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING OUT OF OR RELATING TO THE USE BY ANY PERSON OF THE SPECIFICATION OR ANY OTHER MATERIAL PROVIDED HEREUNDER. IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY INDIRECT OR CONSEQUENTIAL LOSSES INCLUDING, WITHOUT LIMITATION, ANY LOSS OF PROFITS, CONTRACTS, PRODUCTION OR USE.

TERMINATION OF THIS LICENSE: The Open Group may terminate this license at any time if you are in breach of any of its terms and conditions. Upon termination, you will immediately cease use of the Specification.

APPLICABLE LAW: This Agreement is governed by the laws of England and Wales, and you hereby agree to the non-exclusive jurisdiction of the English courts.

Contents Next section Index