Terms and concepts for network security services
The following terms and concepts apply to the information about network security services (NSS):
- certificate bundle
- An X.509 bundle as defined in Section 3.6 of RFC 5996, Internet Key Exchange Protocol: IKEv2. A certificate bundle can contain multiple DER-encoded certificates and certificate revocation lists (CRLs). You can use the certbundle command to create a certificate bundle.
- Certificate revocation list (CRL)
- A time-stamped list of revoked certificates that is signed by a certificate authority.
- CRLDistributionPoints
- An optional X.509 certificate extension that identifies one or more locations where the CRL for a certificate can be found.
- hash and URL encoding
- A certificate payload encoding that includes the hash of a certificate or bundle and the URL that identifies where that certificate or bundle can be retrieved from an HTTP server.
- IPSec certificate service
- A service for NSS IPSec clients that provides IPSec digital signature and verification services.
- IPSec discipline
- A set of services provided to an NSS IPSec client. The services are the IPSec certificate service and the IPSec remote management service.
- IPSec remote management service
- A service for NSS IPSec clients that provides remote IPSec management capability.
- Network security services (NSS)
- A set of services that performs security enforcement or management. The services are provided in groupings called security disciplines.
- NSS client
- A client that requests network security services from an NSS server.
- NSS daemon (NSSD)
- The z/OS® UNIX daemon that implements the NSS server functionality.
- NSS IPSec client
- An NSS client that is using the IPSec discipline. The z/OS IKE daemon can act as an NSS IPSec client for one or more TCP/IP stacks.
- NSS server
- Provides network security services for one or more NSS clients.
- NSS XMLAppliance client
- An NSS client that is using the XMLAppliance discipline.
- security discipline
- A specific grouping of network security services.
- trust chain
- The signing sequence of certificates for any particular certificate back to a root certificate authority.
- XML appliance
- A network appliance that processes XML messages efficiently and securely. XML appliances often offload XML parsing and transformations from host systems and implement a variety of XML security features.
- XMLAppliance certificate service
- A service for NSS XMLAppliance clients that provides key ring listing and certificate retrieval capability.
- XMLAppliance discipline
- A set of services provided to an NSS XMLAppliance client. The NSS server supports the XMLAppliance SAF access service, the XMLAppliance certificate service, and the XMLAppliance private key service.
- XMLAppliance private key service
- A service for NSS XMLAppliance clients that provides retrieval of private keys that are not protected by Integrated Cryptographic Service Facility (ICSF), RSA signature generation using ICSF-protected private keys, and RSA message decryption using ICSF-protected private keys.
- XMLAppliance SAF access service
- A service for NSS XMLAppliance clients that provides SAF user authentication and access control capability.
For additional IP security-related terms, see IP security.