Identity Token Support utilizes secret material stored in an ICSF PKCS#11 Token. Access to the PKCS#11 Token in ICSF is controlled by the CRYPTOZ Class.
- Resource USER.token-name controls the access of the User role to the token.
- Resource SO.token-name controls the access of the Security Officer (SO) to the token.
Reference
z/OS Cryptographic Services ICSF Administrators Guide.