PreviousNext

Overview - The Extended Attribute API

This topic describes the extended attribute APIs. There are two extended attribute APIs: the extended registry attribute (ERA) interface to create attributes in the registry database and the DCE attribute interface to create attributes in a database of your choice.

The ERA interface (consisting of sec_attr_*( ) calls) provides facilities for extending the registry database by creating, maintaining, and viewing attribute types and instances, and providing information to and receiving it from outside attribute servers known as attribute triggers. It is the preferred API for security schema and attribute manipulations. Application servers that manage legacy security attributes or provide third-party processing of attributes stored in the registry database can export and implement the sec_attr( ) interface. Trigger servers are accessed through the sec_attr_trig( ) interface by the security client agent during certain sec_rgy_attr_*( ) calls. The ERA interface uses the same binding mechanism as the registry API, described in The Registry API.

The DCE attribute interface (consisting of dce_attr_sch_*( ) calls) is provided for schema and attribute manipulation of data repositories other than the registry. Although similar to the ERA interface, the functionality of the DCE attribute interface is limited to creating schema entries (attribute types). The interface does not provide calls to create and manipulate attribute instances or to access trigger servers.

The topic first describes the ERA interface and then the DCE attribute interface. Finally is describes macros and utilities provided for developers who use either attribute API.