Terminology reference for Security Services

This section documents z/OS® Security Services terminology reference information.

Auxiliary address space (AUX)
The started task used to perform operations that require APF-authorization and cross-LPAR communications.
Certificate
A certificate contains a public key and a digital signature.
Keystore
A keystore contains certificates and private keys.
Private key
A private key is used to digitally sign or decrypt data.
Public key
A public key is used to verify digital signatures and encrypt data.
SAF
System Authorization Facility (SAF) is an interface that enables programs to use services to control access to resources such as data sets.
Security class
A security class is a container for security profiles. The security profiles present in a class are specific to that class. To create a security class, you must enter commands specific to your security manager. If you do not know which security manager is installed, ask your security administrator. To run these commands, your TSO ID must have elevated privileges, which vary depending on your installed security manager. Note that this class name must be IZP.
Security profile
A security profile provides a secure way to protect resources on your system. If a user has access to the profile that protects a resource, then they are able to view the resource. To create a security profile, you must enter commands specific to your security manager. If you do not know which security manager is installed, ask your security administrator. To run these commands, your TSO ID must have elevated privileges, which vary depending on your installed security manager.
Note: To ensure a proper configuration, each user should have access to only one of the created profiles.
Surrogate user
A surrogate user is used in place of a regular user to access protected resources. A surrogate user will usually not have a password, so if only a surrogate user has access to a resource, impersonation will have to be used to act as that user and access the resource. This is for security purposes, as a user will not be able to access protected resources outside of the product. Note that surrogate users created for this product must have an OMVS segment.
Note: A surrogate user is only applicable for the deprecated useSAFOnly=false option.
Truststore
A truststore contains certificates.
UMS super administrator
A user ID that is defined as a valid user with access to UMS and has READ access to the IZP.SUPER profile. IZP is the default SAF HLQ, but can be changed as an installation parameter for UMS.
Zowe System Services (ZSS)
HTTP server used for z/OS system calls.
Zowe cross-memory server (ZIS)
The started task used to perform operations that require APF-authorization.