Common Data Security Architecture (CDSA) White Paper

What Is CDSA?
promote interoperability. The syntax for expressing PKCS definitions is based on the
Abstract Syntax Notation One (ASN.1), which is defined in two ISO standards that describe
data syntax and encoding.
While these higher-level protocols provide the basis for secure Internet application
interoperability, the APIs of the cryptographic libraries give the application developer access
to the cryptographic algorithms necessary to ensure data privacy, authentication, and
integrity. CDSA provides a comprehensive set of cryptographic building-block libraries,
much like other cryptographic libraries already available to application developers.
HP’s Paradigm Shift
By offering CDSA, HP changes the way software developers can approach writing and
disseminating commercial security applications.
HP’s license agreement allows developers to write applications that make free use of CDSA
and to market the application as a product without paying royalties. The code is available on
HP platforms on a right-to-use (not right-to-distribute) basis. HP places no limitations on
how the cryptographic libraries can be used, in that any application can link to them or use them,
royalty-free.
Large and small developers alike benefit from the likelihood that the CDSA crypto APIs will
become pervasive through their adoption by the Open Group. Application developers will
benefit from the portability of code written using CDSA APIs. An application written with
CDSA APIs and linked against a CDSA library on a particular platform could be moved to any
other platform as long as the other platform had the appropriate CDSA library. No code
would have to be modified to make use of the same cryptographic capabilities or functionality.
As long as the other system has CDSA, you would simply have to recompile.
U.S. application developers implementing CDSA may need to seek U.S. government approval
for the export or reexport of their products due to the export control nature of certain
cryptography technologies and implementations. In addition, the import and use of certain
products with cryptography in some countries may require local country authorization. You
should consult with proper government authorities or your legal counsel before distributing
your products with cryptography.