
3.1 Definitions

For the purposes of this document, the following terms and definitions apply. The IEEE Standards Dictionary Online should be consulted for terms not defined in this clause.8


access control list: A security mechanism in which entities and authorizations (e.g., read, write, create, delete) are related to resources to determine the entities’ allowed operations on the resources.


certificate authority: An entity that issues digital certificates for use by other entities.


certificate chain: A chain of certificates, with each certificate’s signature verified using the key from the next certificate in the chain. The single exception is the certificate at the end of the chain (the trust anchor), known as the root certificate authority (CA) certificate, which is self-signed.


client: The device or host that interacts with a server to obtain information related to a resource hosted by the server.



3 Available online: http://pen.iana.org/pen/PenApplication.page.

4 ISO publications are available from the International Organization for Standardization (http://www.iso.org/) and the American National Standards Institute (http://www.ansi.org/).

5 ITU-T publications are available from the International Telecommunications Union (http://www.itu.int/).

6 NIST publications are available from the National Institute of Standards and Technology (http://www.nist.gov/).

7 W3C publications are available from the World Wide Web Consortium (https://www.w3.org/).

8 IEEE Standards Dictionary Online subscription is available at: http://dictionary.ieee.org.


device certificate: A digital certificate installed within a device that binds the device identity to the device. Device certificates are exchanged by network access control and application protocols to authenticate devices as genuine IEEE 2030.5 and further to prove specific device identity.


energy services interface (ESI): A device, with multiple network interfaces, which is a member of both the home smart energy network and a service provider’s private network. This is the primary mechanism for the service provider to contribute data and directives into the smart energy network and to receive responses from smart energy devices.


fingerprint: This is the result of summarizing a certificate with a secure hash function. The fingerprint is generally expressed as a hex string. It is used to confirm the integrity of a certificate obtained over an untrusted channel.


function set: A logical grouping of resources that cooperate to implement IEEE 2030.5 features (e.g., metering, demand response, and load control).


Function Set Assignments: A logical addressing mechanism in IEEE Std 2030.5 that allows devices to be directed to use specific resources (e.g., to facilitate a device’s participation in a program). Please see 8.6 for details.


function set instance: A single, top-level, instance of a function set (e.g., a single UsagePoint for the Metering function set, a single DemandResponseProgram for the Demand Response and Load Control function set).


host: This is the representation of a device in its application context. Typically represented by an Internet Protocol (IP) address or domain name.


intermediate CA: A certificate authority (CA) below the root CA that issues certificates to subordinate CAs.


issuing CA: A certificate authority (CA) that issues certificates to devices or code-signers.


manufacturer’s CA (MCA): An intermediate certificate authority (CA) operated by a specific manufacturer for the purpose of issuing manufacturing issuing CAs for that manufacturer.


manufacturing issuing CA (MICA): An issuing certificate authority (CA) that issues certificates to devices during the manufacturing process.


manufacturing public key infrastructure (PKI): The set of certificate authorities (CAs) that issue certificates to devices during the manufacturing process. The set includes the Smart Energy Root CA, Manufacturer’s CAs, and Manufacturing Issuing CAs.


master resource identifier (mRID): An mRID is the global identifier attribute of an object. For further definition and formatting, see the schema (IEEE Std 2030.5 supplemental material).


node: This is the representation of a device in its network context, typically represented as an Internet Protocol (IP) address.


object identifier (OID): An OID consists of a node in a hierarchically-assigned namespace, formally defined using ITU-T’s ASN.1 standard (ITU-T Recommendation X.680).


privacy-enhanced electronic mail (PEM) format certificate: An X.509 certificate that has been Base64 encoded and wrapped in "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----" sentinels for transport as a text file or block.


public key infrastructure (PKI): A set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.


registered: The state of a device with regards to a particular server wherein an EndDevice record for the device has been populated on the server and that record contains a valid registration record. These records are typically populated with device information transmitted out-of-band to the server’s owner.


resource: Uniform resource identifier (URI) addressable object that is manipulated via the RESTful uniform interface.


resource discovery: The process whereby clients identify resources being served on the network. Clients issue a request to all devices on the network requesting resource(s) of interest. Servers hosting the requested resource(s) respond with information necessary to access the server and its resource(s).


root CA: A certificate authority (CA) whose certificate or public key is a trust anchor for any other certificates in a chain of trust.


root certificate: The root certificate authority’s self-signed certificate. Generally also a trust anchor.


self-signed certificate: A certificate whose issuer and subject are identical, and whose public key verifies its signature.


server: The device or host that holds a resource and exposes representations of that resource.


Smart Energy Root CA (SERCA): The top-level certificate authority (CA) for the IEEE 2030.5 manufacturing public key infrastructure (PKI).


trust anchor: The root of trust for a certificate chain. This is an authoritative entity represented by a public key and associated data and is generally provided in the IEEE 2030.5 hierarchy in the form of a self-signed certificate.


trusted root store: An integrity-protected location for storing root certificates.
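
The following is an added example, not part of the standard's text. It shows how the "fingerprint" and "PEM format certificate" definitions fit together: the sentinels are stripped, the Base64 body is decoded, and the resulting bytes are hashed and compared against a fingerprint received out-of-band. SHA-256 is assumed as the secure hash function, all function names are hypothetical, and SAMPLE_DER is constructed stand-in data rather than a real certificate.

```python
import base64
import hashlib
import hmac
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

# Constructed stand-in bytes, NOT a real X.509 certificate: the fingerprint
# is computed over the decoded bytes whatever they contain.
SAMPLE_DER = bytes(range(100))

def der_to_pem(der: bytes) -> str:
    """Base64-encode the bytes and wrap them in the PEM sentinels."""
    body = base64.b64encode(der).decode("ascii")
    wrapped = "\n".join(body[i:i + 64] for i in range(0, len(body), 64))
    return f"{BEGIN}\n{wrapped}\n{END}\n"

def pem_to_der(pem: str) -> bytes:
    """Strip the sentinels and decode the body; reject malformed input."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing or malformed PEM sentinels")
    # validate=True rejects characters outside the Base64 alphabet.
    return base64.b64decode("".join(lines[1:-1]), validate=True)

def fingerprint(pem: str) -> str:
    """Lower-case hex SHA-256 (assumed hash) over the decoded bytes."""
    return hashlib.sha256(pem_to_der(pem)).hexdigest()

def matches_fingerprint(pem: str, expected_hex: str) -> bool:
    """Compare against a fingerprint obtained over a trusted channel.

    Accepts upper/lower case and colon- or space-separated hex; a
    certificate that fails to parse never matches.
    """
    normalized = re.sub(r"[\s:]", "", expected_hex).lower()
    try:
        actual = fingerprint(pem)
    except ValueError:
        return False
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(actual.encode(), normalized.encode("utf-8"))

if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    fp = fingerprint(pem)
    print(fp, matches_fingerprint(pem, fp))
```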