The Security Support Provider Interface

	Read Document Microsoft Word Version sspi2000.doc 283 KB Word 2000 file 2 min @ 28.8 kbps Office File Viewers Download Compressed Word Document sspi2000.exe 154 KB executable file 1 min @ 28.8 kbps Office File Viewers

Summary

The Microsoft® Security Support Provider Interface (SSPI) is the well-defined common API for obtaining integrated security services for authentication, message integrity, message privacy, and security quality of service for any distributed application protocol. Application protocol designers can take advantage of this interface to obtain different security services without modification to the protocol itself.

The Microsoft® Security Support Provider Interface (SSPI) is the Win32® interface between transport-level applications and network security service providers. The interface is supported by the following operating systems:

• Windows NT®
• Windows® 98
• Microsoft remote procedure call (RPC) run-time for Windows 95
• RPC run-time for MS-DOS®, Windows 3.11, and Macintosh

This paper describes Microsoft SSPI and discusses the following issues:

• How to use SSPI to enhance security capabilities of a distributed application
• How to develop distributed applications using existing communication mechanisms--such as the distributed version of the Component Object Model (DCOM), Secure RPC, Winsock, and WinInet--and have integrated security capabilities from Windows NT
• How to integrate Windows 2000 authentication, message integrity, and privacy into distributed applications
• How application developers use the DCOM application framework and authenticated RPC to take advantage of SSPI services from higher-level interfaces
• How SSPI security services are available using application level interfaces such as Winsock 2.0 and WinInet

The major feature of SSPI is that applications have a common API to use different security packages, including Windows NTLM authentication, SSL/PCT public key cryptography providers, and in Windows 2000, a Kerberos authentication security provider.

Application developers have the option to call SSPI functions directly to integrate Windows NT security or use higher-level application interfaces based on DCOM, authenticated RPC, or Winsock 2.0. Microsoft continues to support SSPI by developing new security packages based on the interface specification. Microsoft encourages all Win32-based application developers to use the integrated security features of SSPI for secure distributed application development.