Developing security applications

The OCEP service provider modules are designed to plug in to the OCSF Framework. As such, applications that wish to use these service provider modules must understand and follow the OCSF requirements and conventions. For example, OCSF provides a set of APIs to perform core services, such as:

Installing and attaching service provider modules
The calling application uses the OCSF CSSM_ModuleAttach function, for example, to attach the specified OCEP service provider modules. CSSM_ModuleAttach then returns a handle value that represents a unique pairing between the calling application and the specific OCEP service provider module. The calling routine must then specify this handle when it invokes an API that is supported by an OCEP service provider. See Example Code Using the OCEP Trust Policy APIs for an example.
Querying the OCSF registry of available service provider modules
Enabling calls to other APIs
Managing storage
Managing errors

In addition, because service provider modules may implement the OCSF APIs differently, you should be aware of any differences between the parameters that are supported. For example, OCSF also provides trust policy and data storage library service provider modules. However, the way in which the APIs are implemented by these OCSF service provider modules support differs from the way they are implemented by OCEP. You should review your applications to ensure that they can correctly use the APIs, as they are supported by the OCEP service provider modules.

For more information about these OCSF requirements, see z/OS Open Cryptographic Services Facility Service Provider Module Developer's Guide and Reference.