Developers Guide

This developer's guide explains how to use the CQL_CSM library to integrate instance-level security with caGrid data services. There is a separate overview of the CQL_CSM library.

The CQL_CSM library supports three different approaches for integrating instance-level security into a caGrid data services. This developers guide is organized into three parts that correspond to these three approaches:

• For data services that retrieve data from a relational database that is populated by a caCORE-based application, you should use the replacement CQL processor provded by the CQL_CSM library.
  
  Introduce-generated data services based on caCORE data use the CSM-API to provide instance-level security. This mechanism is not secure and should not be relied on for production use.
  
  
• To provide instance-level security for other types of caGrid data services that support the full CQL query language, use the CQL preprocessor from the CQL_CSM library.
  
  
• To provide instance-level security for csGrid data services that are not based on relational database and do not support the full CQL query language, it is necessary to write custom code. The CQL_CSM library provides simplified access to the CSM authorization model to make the job of writing the custom code easier.

CSM leaves the interpretation of the fields in protection elements up to the services and applications that use the CSM model. When a service uses the CQL_CSM Library's CQL pre-processor or the replacement CQL processor, the interpretation of protection element fields follows CQL_CSM rules.