Introduction

Signed Manifests

Signed manifests are extensible. Attributes of arbitrary type can be associated with any given digital object. This specification defines the framework for a signed manifest with a minimal set of well known name:value pairs that are common to all signed manifests. The set of valid defined names for name:value pairs will increase over time.

Common Data Security Architecture

• System Security Services

• The Common Security Services Manager (CSSM)

• Security Add-in Modules (cryptographic service providers, trust policy modules, certificate library modules, and data storage library modules)

CDSA is intended to be the multi platform security architecture that's horizontally broad and vertically robust.

The CSSM is the core of CDSA. CSSM manages categories of security services and multiple discrete implementations of those services as add-in security modules. CSSM:

• Defines the application programming interface for accessing security services

• Defines the service provider's interface for security service modules

• Dynamically extends the security services available to an application, while maintaining an extended security perimeter for that application, based on integrity services that use signed manifests

Applications request security services through the CSSM security API or via layered security services and tools implemented over the CSSM API. The requested security services are performed by add-in security modules.

Over time, new categories of security services will be defined, and new module managers will be required. CSSM supports elective module managers that dynamically extend the system with new categories of security services. Again CSSM manages the extended security perimeter using signed manifests to ensure integrity and authenticity of the dynamic extensions.