The DL service provider interface (SPI) defines four categories
of operations:
- DL operations
- Data store operations
- Data record operations
- Extensibility operations.
DL operations are used to control access to the DL library. They
include:
- Authentication to the DL Module - A user may be required to present
valid credentials to the DL prior to accessing any of the data stores
embedded in the DL module. The DL module will be responsible for ensuring
that the access privileges of the user are not exceeded.
The data store functions operate on a data store as a single unit.
These operations include:
- Opening and closing data stores - A DL service manages the mapping
of logical data store names to the storage mechanisms it uses to provide
persistence. The caller uses logical names to reference persistent
data stores. The open operation prepares an existing data store for
future access by the caller. The close operation terminates current
access to the data store by the caller.
- Creating and deleting data stores - A DL creates a new, empty
data store and opens it for future access by the caller. An existing
data store may be deleted. Deletion discards all data contained in
the data store.
- Importing and exporting data stores - Occasionally a data store
must be moved from one system to another, or a DL service may need
to provide access to an existing data store. The import and export
operations may be used in conjunction to support the transfer of an
entire data store. The export operation prepares a snapshot of a data
store. (Export does not delete the data store it snapshots.) The import
operation accepts a snapshot (generated by the export operation) and
includes it in a new or existing data store managed by a DL.
Alternatively, the import operation may be used independently to
register an existing data store with a DL.
The data record operations operate on a single record of a data
store. They include:
- Adding new data objects - A DL adds a persistent copy of a data
object to an open data store. This operation may or may not include
the creation of index entries. The mechanisms used to store and retrieve
persistent data objects are private to the implementation of a DL
module.
- Deleting data objects - A DL removes a single data object from the
data store.
- Retrieving data objects - A DL provides a search mechanism for
selectively retrieving a copy of persistent security objects. Selection
is based on a selection criterion.
Data store extensibility operations include:
- Pass through for unique, module-specific operations - A passthrough
function is included in the DLI to allow data store libraries to expose
additional services beyond what is currently defined in the OCSF API.
OCSF passes an operation identifier and input parameters from the
application to the appropriate DL. Within the DL_PassThrough function
in the DL, the input parameters are interpreted and the appropriate
operation performed. The DL developer is responsible for making known
to the application the identity and parameters of the supported passthrough
operations.
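The following Python model is an added illustration of the data store, data record and passthrough operations described above; it is not code from the OCSF specification or from any DL module. It assumes a DL that holds a credential-to-privilege table, a passthrough table of (required privilege, handler) entries keyed by operation identifier, and the method and privilege names used here.

```python
import copy

READ, WRITE, ADMIN = "read", "write", "admin"   # assumed privilege levels

class DataStorageLibrary:
    def __init__(self, credentials, passthrough_ops):
        self._credentials = credentials      # credential -> set of privileges
        self._passthrough = passthrough_ops  # op id -> (required privilege, handler)
        self._stores, self._privs = {}, None # logical name -> records; privs after auth

    def authenticate(self, credential):
        # Credentials must be presented before any data store is touched.
        if credential not in self._credentials:
            raise PermissionError("authentication failed")
        self._privs = self._credentials[credential]

    def _require(self, priv):
        # The DL itself enforces that the caller's privileges are not exceeded.
        if self._privs is None or priv not in self._privs:
            raise PermissionError(f"{priv} privilege required")

    def db_create(self, name):
        self._require(WRITE)
        if name in self._stores:
            raise ValueError(f"data store {name!r} already exists")
        self._stores[name] = []

    def db_export(self, name):
        self._require(READ)
        return copy.deepcopy(self._stores[name])   # snapshot; the store is kept

    def db_import(self, name, snapshot):
        self._require(WRITE)                 # into a new or an existing store
        self._stores.setdefault(name, []).extend(copy.deepcopy(snapshot))

    def data_insert(self, name, record):
        self._require(WRITE)
        self._stores[name].append(dict(record))

    def data_retrieve(self, name, predicate):
        self._require(READ)                  # selection by caller-supplied criterion
        return [dict(r) for r in self._stores[name] if predicate(r)]

    def pass_through(self, op_id, params):
        # Module-specific op: the DL interprets the id and parameters itself.
        if op_id not in self._passthrough:
            raise ValueError(f"unsupported passthrough operation {op_id}")
        priv, handler = self._passthrough[op_id]
        self._require(priv)
        return handler(self._stores, params)
```

Every operation, passthrough included, goes through the same privilege gate, so a module-specific operation cannot become a way around the access control applied to the standard ones.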