3.3.2.6.3 Endpoint Mapper Requests Security Information

As specified, [C706] does not make it explicit what security information needs to be applied to requests from the client to the endpoint mapper to resolve the endpoint for an interface. These extensions prescribe that clients MAY use security for making requests to the endpoint mapper. If they do, the authentication type SHOULD be the same as the authentication type for the partial binding handle that the client is trying to resolve and SHOULD have the integrity authentication level.

If a security provider uses an authentication type that is not specified here, and this authentication type requires other parameters for the authentication, an implementation SHOULD choose values for these parameters that maximize interoperability while making the endpoint mapper requests safe from tampering when in transit on the network.<116>