These service provider modules enable applications to use z/OS Security Server (RACF), or equivalent product, to provide security functions for digital certificates and key rings.

The OCEP service provider modules implement a subset of the application programming interfaces (APIs) that are defined by OCSF. Applications can use these OCEP service provider modules, and their supported APIs, to retrieve and use digital certificates and private keys that are stored in the RACF database on a z/OS system.

In addition to the OCSF Framework, the OCEP service provider modules are intended to work with the OCSF Certificate Library and Cryptographic Service Provider modules. As Figure 1 shows, the OCSF Framework itself manages the interactions between the service provider modules and the applications that use them.

For a detailed description of the OCSF application programming interfaces and the service provider modules that OCSF supports, see the following publications:

• z/OS Open Cryptographic Services Facility Application Programming.
• z/OS Open Cryptographic Services Facility Service Provider Module Developer's Guide and Reference

Figure 1. Overview of the OCEP and OCSF Infrastructure