
Supporting Multiple Security Protocols


May 1997 / Cover Story / NT 5.0 in the Enterprise / Supporting Multiple Security Protocols

Different security protocols can have very different APIs. These differences can create real problems for applications that might want to use more than one of them. Microsoft's solution to this problem for both Windows 95 and Windows NT is the Security Service Provider Interface (SSPI). SSPI is a version of the Internet Engineering Task Force (IETF) standard Generic Security Services API (GSSAPI) that is not completely compatible with it. Like GSSAPI, Microsoft's SSPI provides a standard way to access distributed security services regardless of what they happen to be.

Components called Security Service Providers (SSPs) implement security protocols. In NT 4.0, Microsoft includes SSPs for NT LAN Manager (NTLM) and Secure Sockets Layer (SSL)/Private Communications Technology (PCT). In NT 5.0, this list expands to include Kerberos and an enhanced version of the SSL/PCT provider. Also, because the interfaces required to implement an SSP are public, other vendors are free to implement their own if desired.

The users of SSPI are protocols. Among those that sit on top of this interface are HTTP, LDAP, the SMB-based extended Common Internet File System (CIFS) protocol used by Microsoft's Distributed File System (Dfs), and Microsoft remote procedure call (RPC). (Distributed Component Object Model [DCOM] exposes a separate security API built on top of the Microsoft RPC run time.) Any of these protocols can use any of the SSPs, letting each one make the most appropriate choice. By cleanly separating the users of distributed security services from their providers, this architecture allows supporting many options without creating unusable complexity.
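The separation described above can be modeled in a few lines. The following is an added example, not code from the article or from Microsoft: a simplified Python model of the token-passing pattern behind SSPI's InitializeSecurityContext and AcceptSecurityContext calls, in which the carrier protocol relays opaque tokens and never needs to know how many legs a provider uses. The class names, the `authenticate` function and both toy providers are constructed for illustration and do not implement NTLM, Kerberos or SSL/PCT.

```python
import hashlib
import hmac
import os

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class ChallengeResponseSSP:
    """Toy three-leg provider (constructed for illustration, not real NTLM)."""
    def __init__(self, secret):
        self.secret, self.challenge = secret, None

    def initialize(self, token_in):            # client side
        if token_in is None:
            return b"NEGOTIATE", False         # leg 1: open the exchange
        return _mac(self.secret, token_in), True   # leg 3: answer challenge

    def accept(self, token_in):                # server side
        if self.challenge is None:
            self.challenge = os.urandom(16)    # leg 2: fresh challenge
            return self.challenge, False
        if not hmac.compare_digest(_mac(self.secret, self.challenge), token_in):
            raise PermissionError("challenge response rejected")
        return None, True

class OneLegSSP:
    """Toy single-token provider (constructed; static token, no replay protection)."""
    def __init__(self, secret):
        self.secret = secret

    def initialize(self, token_in):
        return _mac(self.secret, b"toy-ticket"), True

    def accept(self, token_in):
        if not hmac.compare_digest(_mac(self.secret, b"toy-ticket"), token_in):
            raise PermissionError("token rejected")
        return None, True

def authenticate(client, server):
    """Carrier protocol: relays opaque tokens and never inspects them."""
    legs, token, c_done, s_done = 0, None, False, False
    while not (c_done and s_done):
        if not c_done:
            token, c_done = client.initialize(token)
            legs += 1
        token, s_done = server.accept(token)
        if token is not None:
            legs += 1
    return legs
```

The same `authenticate` loop completes a three-leg exchange with one provider and a single-token exchange with the other, which is the property that lets HTTP, LDAP, CIFS or RPC swap providers without changing their own code.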


Copyright © 2005 CMP Media LLC, Privacy Policy, Your California Privacy rights, Terms of Service