A system and methods for providing distributed and dynamic network services to remote access users. One of the methods includes providing a first certificate for requesting dynamic network services by a user network entity, and at least one second certificate for requesting static network services by the user network entity. According to one method, a user of the user network entity may generate a first message to request dynamic network services from a network service provider entity. For example, the first message may include the first certificate, a digital signature generated with a private encryption key associated with the first certificate and list of network service that the user wishes to set up dynamically. In one embodiment, when the network service provider entity receives the first message, the network service provider entity verifies the authenticity of the first certificate and, if the first certificate is authentic, the network service provider entity configures a network connection between the user network entity and a data network based on the network services requested by the user in the first message.