3.3.1 Abstract Data Model

This section describes a conceptual model of possible data organization that an implementation maintains to participate in this protocol. The described organization is provided to facilitate the explanation of how the protocol behaves. This document does not mandate that implementations adhere to this model as long as their external behavior is consistent with that described in this document.

The protocol requires that the DC MUST have a database or directory of accounts with authentication and authorization information available to it. All state information, specifically the nonce challenge that foils replay attacks ([MS-DPSP] section 3.2.1), MUST be handled by the participants of the Digest authentication protocol [RFC2617] [RFC2831], and MUST be sent as part of the DIGEST_VALIDATION_REQ message.
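The following sketch is an added example, not part of the specification. It illustrates the split described above for RFC 2617 `qop=auth`: a validator that holds only the account store recomputes the digest from the fields it is handed, while the Digest server keeps the nonce and nonce-count state that rejects replays. The names `NonceTracker`, `dc_validate`, `server_authenticate` and `client_request` are hypothetical, the account data is constructed, and the `req` dictionary is a simplified stand-in, not the DIGEST_VALIDATION_REQ wire format.

```python
import hashlib, hmac, secrets, time

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(ha1, f):
    # RFC 2617 request-digest for qop=auth
    ha2 = md5_hex(f"{f['method']}:{f['uri']}")
    return md5_hex(f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{f['qop']}:{ha2}")

class NonceTracker:
    """State kept by the Digest server, not by the validator."""
    def __init__(self, lifetime=300):
        self.lifetime, self.issued = lifetime, {}  # nonce -> [issued_at, highest nc]

    def issue(self, now=None):
        nonce = secrets.token_hex(16)
        self.issued[nonce] = [time.time() if now is None else now, 0]
        return nonce

    def accept(self, nonce, nc_hex, now=None):
        now = time.time() if now is None else now
        entry = self.issued.get(nonce)
        if entry is None or now - entry[0] > self.lifetime:
            self.issued.pop(nonce, None)  # unknown or stale nonce
            return False
        try:
            nc = int(nc_hex, 16)
        except ValueError:
            return False
        if nc <= entry[1]:  # nc must strictly increase, otherwise it is a replay
            return False
        entry[1] = nc
        return True

# Constructed account store: (username, realm) -> H(A1)
ACCOUNTS = {("alice", "example.test"): md5_hex("alice:example.test:constructed-password")}

def dc_validate(accounts, req):
    """Stateless validator: uses only the account store and the fields in req."""
    ha1 = accounts.get((req["username"], req["realm"]))
    return ha1 is not None and hmac.compare_digest(digest_response(ha1, req), req["response"])

def server_authenticate(tracker, accounts, req, now=None):
    # Credential check first, so a forged response cannot burn a valid nc value.
    return dc_validate(accounts, req) and tracker.accept(req["nonce"], req["nc"], now)

def client_request(nonce, nc, password, cnonce="0a4f113b"):
    req = dict(username="alice", realm="example.test", method="GET", uri="/dir/index.html",
               qop="auth", nonce=nonce, nc=nc, cnonce=cnonce)
    req["response"] = digest_response(md5_hex(f"alice:example.test:{password}"), req)
    return req
```

Because `dc_validate` keeps no memory of past nonces, it accepts a byte-for-byte replay of a valid request; only the server-side `NonceTracker` rejects it.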