The emerging CDSA (Common Data Security Architecture) framework took a major step forward at last month’s RSA Data Security conference in San Francisco, when IBM Corp and RSA itself agreed to work together to add their security services and products. This agreement builds on the acceptance of the second version of the framework – originally developed by Intel Corp in its Architecture Labs – by The Open Group in January as a standard for developing open enterprise security systems. CDSA is an umbrella framework for security functions, such as encryption, trust, directory lookup, key management, and certification. For example, developers might want to use the framework (and the associated toolkits that companies such as RSA are building) to sometimes have weak, and sometimes strong encryption in a particular application. Its backers want to turn it into the most commonly accepted way to develop security management products, using a standard API and service provider mechanism. Since Intel wrote the base, IBM extended it under the name Key Works and added service providers. CDSA is now being targeted to third party application developers now that RSA will be offering toolkit development support. RSA’s parent, Security Dynamics Technologies Inc, is also joining the party in adopting CDSA in acknowledging the IBM Key Recovery extensions to CDSA as the common means of backing up and recovering PKI [public key infrastructure] keys. Both firms have said they will build CDSA support into future products, as well as developing toolkits using it. RSA will join IBM and Intel in adding its BSAFE cryptography engine to the framework, while RSA itself will add higher level protocols support and toolkits (incorporating non-public key infrastructure security products such as its Smail and S/mime) on top of CDSA. Go to http://www.intel.com/ial/security for more information on the framework.
