SSPI Context Semantics

A security context is the set of security attributes and rules in effect during a communication session. This includes such information as the identities of the principal and information on the keys, ciphers, and algorithms being used. For Security Support Provider Interface (SSPI), a security context is an opaque structure that is created through an exchange involving the InitializeSecurityContext (General) function and the AcceptSecurityContext (General) function.

For more information about the context attributes, see Context Requirements.

The SSPI model supports three types of security contexts.

Type Description
Connection A connection-oriented context is the most common security context, and the simplest to use. The caller is responsible for the overall message format and for the location of the data in the message. The caller is also responsible for the location of the security-relevant fields within a message, such as the location of the signature data.
Datagram A datagram-oriented context has extra support for DCE-style datagram communication. It can also be used generically for a datagram-oriented transport application.


The Microsoft Kerberos package does not support datagram contexts in user-to-user mode.

Stream A stream-oriented context is responsible for the blocking and message formatting within the security package. The caller is not interested in formatting, but rather a raw stream of data.


Context Requirements

Connection-Oriented Contexts

Datagram Contexts

Stream Contexts