SSPI stands for the Security Support Provider Interface, which helps a client and server establish and maintain a secure channel, providing confidentiality, integrity, and authentication (Item 58). It abstracts most of the details of performing an authentication handshake and provides methods for integrity-protecting and encrypting data being sent on the wire as well as for decrypting and validating that data on the other side. Providers, such as Kerberos, NTLM, and Negotiate, sit underneath this abstract interface. Figure 65.1 shows the basic architecture.

Figure 65.1. The Security Support Provider Interface

Whereas SSPI ...