z/OS Open Cryptographic Services Facility Application Programming


Open Cryptographic Services Facility Framework

SC24-5899-01

The OCSF Framework layer is the central component in the OCSF architecture; it integrates and manages all the security services. OCSF enables tight integration of individual services, while allowing those services to be provided by interoperable service provider modules. The OCSF Framework has a rich application programming interface (API) to support the development of secure applications and system services, and a service provider interface (SPI) that supports service provider modules that implement building blocks for secure operations.

The primary function of the OCSF Framework layer is to maintain state about the connections between the application layer code and the service providers underneath. Additionally, the OCSF Framework mediates all interactions between applications and the service provider modules, and implements and enforces the applicable cryptographic policy. Finally, the OCSF Framework allows the seamless integration of other security functions provided by independent service provider modules.

The OCSF Framework does not prescribe or implement any security services. Application-specific security services are defined and implemented by service provider modules and layered services. The OCSF Framework defines a common API for accessing the services provided by service provider modules. OCSF redirects application API calls to the selected service provider module that will perform the request.
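The following simplified model is an added example, not OCSF code or IBM's API. It shows the three framework duties described above in one place: tracking attach state, enforcing policy before a provider is reached, and redirecting the call through a provider's function table. Every name here (`spi_t`, `fw_attach`, `fw_encrypt`, the key-size policy) is hypothetical.

```c
#include <stddef.h>

/* Hypothetical SPI: the function table a service provider module exports. */
typedef struct {
    const char *name;
    int (*encrypt)(const unsigned char *in, size_t len, unsigned char *out);
} spi_t;

#define MAX_ATTACH 4
#define FW_OK 0
#define FW_BAD_HANDLE (-1)
#define FW_POLICY_DENIED (-2)

/* Framework state: one slot per application-to-provider connection. */
static const spi_t *attached[MAX_ATTACH];
static unsigned policy_max_key_bits = 128;   /* constructed policy value (assumption) */

/* Attach: record the connection and return an opaque handle (0 = no free slot). */
int fw_attach(const spi_t *module) {
    for (int i = 0; i < MAX_ATTACH; i++)
        if (attached[i] == NULL) { attached[i] = module; return i + 1; }
    return 0;
}

/* Detach: clear the slot so the handle can no longer reach the provider. */
int fw_detach(int handle) {
    if (handle < 1 || handle > MAX_ATTACH || !attached[handle - 1]) return FW_BAD_HANDLE;
    attached[handle - 1] = NULL;
    return FW_OK;
}

/* API entry point: validate the handle, enforce policy, then redirect to the SPI. */
int fw_encrypt(int handle, unsigned key_bits,
               const unsigned char *in, size_t len, unsigned char *out) {
    if (handle < 1 || handle > MAX_ATTACH || !attached[handle - 1])
        return FW_BAD_HANDLE;                 /* stale or never-issued handle */
    if (key_bits > policy_max_key_bits)
        return FW_POLICY_DENIED;              /* the provider is never called */
    return attached[handle - 1]->encrypt(in, len, out);
}

/* Constructed sample provider: a byte-wise XOR placeholder, not a real cipher. */
static int calls_seen;
static int demo_encrypt(const unsigned char *in, size_t len, unsigned char *out) {
    calls_seen++;
    for (size_t i = 0; i < len; i++) out[i] = in[i] ^ 0x5A;
    return FW_OK;
}
const spi_t demo_module = { "demo-csp", demo_encrypt };
int demo_calls(void) { return calls_seen; }
```

Because the policy check sits in the framework rather than in each provider, a request that violates policy is rejected before any provider code runs, and a detached handle cannot be used to reach the module again.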

The OCSF API calls can be categorized as service operations or core services. Service operations are functions that invoke a service provider module security operation, such as encrypting data, adding a certificate to a Certificate Revocation List (CRL), or verifying that a certificate is trusted/authorized to perform some action. OCSF module managers are responsible for carrying out service operations. Core services include functions that perform:

  • Module management
  • Memory management
  • Security context management
  • Integrity verification.

Open Cryptographic Services Facility Framework discusses the OCSF Framework core services. The individual OCSF module managers are discussed in OCSF Policy Modules through Data Storage Library Module Manager. See Service Provider Modules for information on the IBM service provider modules and the functions supported by the individual service providers.





Copyright IBM Corporation 1990, 2014