3.1.1 Abstract Data Model

The abstract data model in sections 3.2.1 and 3.3.1 describes a conceptual model of possible data organization that an implementation maintains to participate in this protocol. The described organization is provided to facilitate the explanation of how the protocol behaves. This document does not mandate that implementations adhere to this model as long as their external behavior is consistent with what is described in this document.

The Windows Security Health Agent (WSHA) and Windows Security Health Validator (WSHV) Protocol consists of a single exchange. The following should be noted:

  • The WSHA reports the client's security health status, and the WSHV compares that status to a policy and returns a quarantine determination.

  • The client does not maintain policy information, and the server does not maintain client state information.

The common WSHA and WSHV ADM elements are described in the following table:

| Name | Type | Description |
|------|------|-------------|
| NAPSystemHealthID (section 2.2.4) | DWORD | The WSHA and WSHV set the value of the NAPSystemHealthID field to 0x13780 for both the SoH and SoHR messages. This value is used to identify the messages that were sent by either the WSHA or WSHV to ensure that the message is received correctly by the corresponding WSHA or WSHV. For more information about the NAPSystemHealthID ADM element, see section 2.2.4. |
| Flag (section 2.2.5) | 8 BYTES | The WSHA uses a flag in the SoH to ensure the WSHV recognizes whether the SoH is new or is a duplicate of a previously received SoH.<6> The WSHA initializes the flag's value to 0 when the service is started on the client, and then increments that value for each SoH sent. The service is restarted when the client is rebooted or when the NAP Agent service on the client is restarted. For more information about the Flag ADM element, see section 2.2.5. |
| Version (section 2.2.6) | 8 BYTES | The WSHA sets this value for the WSHV to differentiate the WSHA client version so that the WSHV recognizes how to handle client version-specific messages. For more information about the Version ADM element, see section 2.2.6. |
| HealthClassID (section 2.2.7) | BYTE | The WSHA uses the HealthClassID to specify which security health class data is being referred to. For more information about the HealthClassID ADM element, see section 2.2.7. |