BSL v0.0.0 - 0.geda3e66
AMMOS Bundle Protocol Security Library (BSL)
This page covers using the BSL from the perspective of a BPA developer integrating the BSL through its service interface.
A BPA interacts with the BSL through two distinct interfaces:
Each runtime instance of the BSL is isolated for thread safety within a host-specific struct referenced by a BSL_LibCtx_t pointer.
The runtime instance is used by the BPA via the BSL service interface to process bundles at each of the following four security interaction points within the BPA's bundle workflow. When invoked from the BPA, all BSL activities will occur within the context of a single bundle which is referenced by a BSL_BundleRef_t pointer.
Details of how the BSL processing order relates to other BPA processing of bundles along the BPA's workflow are left to the BPA integration.
These are shown for a notional BPA in the diagram below, where each edge indicates one of the four interaction points listed above.
Separate from the API used to call into the BSL to initiate security processing, the BSL relies on specific functions provided by the BPA to do its normal processing. Some of these functions are for introspecting and manipulating specific bundle or block contents; others are for encoding and decoding EID and EID Pattern values.
The BSL dynamic backend declares a set of functions that are delegated to the BPA; these are registered in the dynamic backend using the BSL_HostDescriptors_t struct and the BSL_HostDescriptors_Set() function.
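The following is an added, self-contained model of the delegation pattern described above; it is not BSL code and does not reproduce the BSL_HostDescriptors_t layout. All Demo_ and bpa_ names, the two callback fields and the sample EID are assumptions made for illustration. It shows a per-instance context that copies the host's callback table and rejects an incomplete table, so a delegated call never goes through a NULL function pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a host descriptor table: callbacks the BPA
 * supplies so the library can inspect bundles and decode EIDs.
 * Field names are assumptions, not the real BSL_HostDescriptors_t. */
typedef struct {
    int (*get_block_count)(const void *bundle, size_t *out); /* introspection */
    int (*eid_decode)(const char *text, uint64_t *node_out); /* EID decoding */
} Demo_HostDescriptors_t;

/* Hypothetical per-instance library context holding its own copy. */
typedef struct {
    Demo_HostDescriptors_t host;
    int                    registered;
} Demo_LibCtx_t;

/* Register the callbacks; an incomplete table is rejected up front. */
int Demo_HostDescriptors_Set(Demo_LibCtx_t *ctx, const Demo_HostDescriptors_t *desc)
{
    if (!ctx || !desc || !desc->get_block_count || !desc->eid_decode)
        return -1;
    ctx->host       = *desc; /* copy: the caller's struct may go out of scope */
    ctx->registered = 1;
    return 0;
}

/* Library-side delegated call, refused until registration has succeeded. */
int Demo_CountBlocks(const Demo_LibCtx_t *ctx, const void *bundle, size_t *out)
{
    if (!ctx || !ctx->registered || !out)
        return -1;
    return ctx->host.get_block_count(bundle, out);
}

typedef struct { size_t nblocks; } Demo_Bundle_t; /* constructed bundle type */

int bpa_block_count(const void *bundle, size_t *out) /* constructed BPA callback */
{
    *out = ((const Demo_Bundle_t *)bundle)->nblocks;
    return 0;
}

int bpa_eid_decode(const char *text, uint64_t *node_out) /* constructed BPA callback */
{
    if (strcmp(text, "ipn:1.0") != 0) return -1; /* only the constructed sample */
    *node_out = 1;
    return 0;
}
```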