This page discusses example Policy Providers (PPs), Security Contexts (SCs), and a mock BPA used for testing the BSL proper. The BSL proper is associated with the Frontend and Dynamic Backend groups.

Example Policy Providers

The unit tests of the BSL use, where necessary, very minimal implementations of a PP to set up preconditons for test cases.

The Mock BPA uses a PP implementation tailored to meet the needs of the BSL acceptance tests. This PP uses a set of bit fields within an integer program argument to control policy options; the fields are documented on bsl_mock_policy_configuration_t. It also allows multiple integer policy values to be configured in a single running Mock BPA. This PP is registered and used by the Mock BPA for BSL testing.

Todo:: A more full-featured draft PP maintained as part of the BSL source is based on the JSON-encoded policy structure used in the earlier ION implementation of the Default Security Contexts [10]. This PP is not fully implemented for BSL v1.0.0 so is not considered part of this release.

Sources related to these example PPs are associated with the Example Policy Provider group.

Example Default Security Contexts

The two Default Security Contexts defined in RFC 9173 [4] offer minimal, interoperable, and pre-shared-key-focused integrity and confidentiality operations.

An implementation of these two SCs is maintained as part of the BSL source and uses the BSL crypto library as an interface to the OpenSSL library [15] from the host OS. These SCs are registered and used by the Mock BPA for BSL testing.

Sources related to these example SCs are associated with the Default Security Contexts group.

Mock BPA

The BSL source repository contains a "Mock BPA" application which performs a minimal amount of BPv7 PDU processing and exercises the BSL service interface on those bundles. The Mock BPA uses an un-framed UDPCL-like interface for its underlayer and also its application overlayer for ease of integration with a larger test fixture.

The Mock BPA is limited to a single registered endpoint, and does no other handling normally required by RFC 9171 [6]. So for this reason it is not a true BPA and must not be treated as one.

Upon startup, the Mock BPA registers a single ION-based Example Policy Provider and the two example Default Security Contexts.

Sources related to the Mock BPA are associated with the Example/Mock BP Agent group.

Key Management

The keys used by the example SCs registered in the Mock BPA are obtained from a file using the JSON Web Key (JWK) format of RFC 7517 [13].

The implementation to support these SCs only handles symmetric keys and only the minimal header parameters needed for key ID ("kid") and key material itself.