The following terms and concepts apply to the information about
network security services (NSS):
- certificate bundle
- An X.509 bundle as defined in Section 3.6 of RFC 5996, Internet
Key Exchange Protocol: IKEv2. A certificate bundle can contain
multiple DER-encoded certificates and certificate revocation lists
(CRLs). You can use the certbundle command to
create a certificate bundle.
- Certificate revocation list (CRL)
- A time-stamped list of revoked certificates that is signed by
a certificate authority.
- CRLDistributionPoints
- An optional X.509 certificate extension that identifies one or
more locations where the CRL for a certificate can be found.
- hash and URL encoding
- A certificate payload encoding that includes the hash of a certificate
or bundle and the URL that identifies where that certificate or bundle
can be retrieved from an HTTP server.
- IPSec certificate service
- A service for NSS IPSec clients that provides IPSec digital signature
and verification services.
- IPSec discipline
- A set of services provided to an NSS IPSec client. The services
are the IPSec certificate service and the IPSec remote management
service.
- IPSec remote management service
- A service for NSS IPSec clients that provides remote IPSec management
capability.
- Network security services (NSS)
- A set of services that performs security enforcement or management.
The services are provided in groupings called security disciplines.
- NSS client
- A client that requests network security services from an NSS server.
- NSS daemon (NSSD)
- The z/OS® UNIX daemon that implements the NSS server functionality.
- NSS IPSec client
- An NSS client that is using the IPSec discipline. The z/OS IKE daemon can act as an NSS
IPSec client for one or more TCP/IP stacks.
- NSS server
- Provides network security services for one or more NSS clients.
- NSS XMLAppliance client
- An NSS client that is using the XMLAppliance discipline.
- security discipline
- A specific grouping of network security services.
- trust chain
- The signing sequence of certificates for any particular certificate
back to a root certificate authority.
- XML appliance
- A network appliance that processes XML messages efficiently and
securely. XML appliances often offload XML parsing and transformations
from host systems and implement a variety of XML security features.
- XMLAppliance certificate service
- A service for NSS XMLAppliance clients that provides key ring
listing and certificate retrieval capability.
- XMLAppliance discipline
- A set of services provided to an NSS XMLAppliance client. The
NSS server supports the XMLAppliance SAF access service, the XMLAppliance
certificate service, and the XMLAppliance private key service.
- XMLAppliance private key service
- A service for NSS XMLAppliance clients that provides retrieval
of private keys that are not protected by Integrated Cryptographic
Service Facility (ICSF), RSA signature generation using ICSF-protected
private keys, and RSA message decryption using ICSF-protected private
keys.
- XMLAppliance SAF access service
- A service for NSS XMLAppliance clients that provides SAF user
authentication and access control capability.
For additional IP security-related terms, see IP security.