SSPI Options for Distributed Applications

Developers have many options for building distributed applications. Security Support Provider Interface (SSPI) provides an abstraction layer between application-level protocols and security protocols. Applications can take advantage of the SSPI security protocols in several ways:

  • Call SSPI routines directly (for traditional, socket-based applications).

    The application exchanges request/response messages with its peer to implement the application protocol that carries the SSPI security-related data.

  • Use COM to call security options that are implemented by using authenticated RPC and SSPI at lower levels.

    These applications do not call SSPI functions directly.

  • Use Windows Sockets 2 (WinSock) with the extended WinSock interface to allow transport providers to use security features.

    This approach integrates the security support provider (SSP) into the network stack and provides both security and transport services through a common interface.

  • Use the Windows Internet Extensions API (WinInet) and an interface designed to support Internet security protocols such as the Secure Sockets Layer (SSL) protocol.

    Applications use the SSPI interface to the Secure Channel (Schannel) security provider to implement WinInet security. Schannel is the Microsoft implementation of SSL.
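The first option above leaves token transport to the application. The following is an added example, not code from the original page or from any Microsoft sample: a length-prefixed framing for carrying opaque SSPI tokens over a socket, where the receiver bounds the peer-supplied length before buffering. The frame layout, message types, function names and `MAX_TOKEN` are assumptions; real code would take the limit from the security package's `cbMaxToken`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical frame layout (an assumption, not defined by SSPI):
 *   byte 0     message type
 *   bytes 1-4  token length, big-endian
 *   bytes 5..  opaque security token produced by the security package */
enum { MSG_CLIENT_TOKEN = 1, MSG_SERVER_TOKEN = 2, MSG_DONE = 3 };
enum { HDR_LEN = 5 };
/* Constructed limit; real code would use SecPkgInfo.cbMaxToken. */
enum { MAX_TOKEN = 12288 };

/* Writes one frame into out; returns bytes written, or 0 on error. */
size_t frame_encode(uint8_t type, const uint8_t *tok, uint32_t tok_len,
                    uint8_t *out, size_t out_cap)
{
    if (tok_len > MAX_TOKEN || out_cap < (size_t)HDR_LEN + tok_len)
        return 0;
    out[0] = type;
    out[1] = (uint8_t)(tok_len >> 24);
    out[2] = (uint8_t)(tok_len >> 16);
    out[3] = (uint8_t)(tok_len >> 8);
    out[4] = (uint8_t)tok_len;
    if (tok_len)
        memcpy(out + HDR_LEN, tok, tok_len);
    return (size_t)HDR_LEN + tok_len;
}

/* Parses one frame from untrusted input.
 * Returns 1 = complete frame, 0 = need more bytes, -1 = reject peer. */
int frame_decode(const uint8_t *in, size_t in_len, uint8_t *type,
                 const uint8_t **tok, uint32_t *tok_len)
{
    if (in_len < HDR_LEN)
        return 0;
    if (in[0] < MSG_CLIENT_TOKEN || in[0] > MSG_DONE)
        return -1;
    uint32_t n = ((uint32_t)in[1] << 24) | ((uint32_t)in[2] << 16) |
                 ((uint32_t)in[3] << 8) | (uint32_t)in[4];
    if (n > MAX_TOKEN)          /* check before buffering or allocating */
        return -1;
    if (in_len - HDR_LEN < n)
        return 0;
    *type = in[0];
    *tok = in + HDR_LEN;
    *tok_len = n;
    return 1;
}
```

The token returned by `frame_decode` points into the input buffer and is passed unmodified to the security package; the framing layer never interprets it.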

Several SSPI functions return time stamps that represent the life span of various objects. Security packages can maintain time and provide time stamps in different ways, but using local time simplifies the work of applications that use SSPI functions.