2.2.2 Intranet Web Environment

Protocol name


Document short name

Digest Protocol Extensions

Extends the Digest Authentication standard [RFC2617] and [RFC2831].


Remote Certificate Mapping Protocol

Used by servers that authenticate users by using X.509 certificates. This protocol allows the server to use a directory, database, or other technology to map the user's X.509 certificate to a security principal. This protocol returns the authorization information that is associated with the security principal in the form of a privilege attribute certificate (PAC), as specified in [MS-PAC], that represents the user's identity and group memberships.


Transport Layer Security (TLS) Profile

Specifies the differences between Microsoft implementation and the SSL/TLS standards.


NT LAN Manager (NTLM) Authentication Protocol

See section 2.2.1.


Kerberos Protocol Extensions

See section 2.2.1.


Public Key Cryptography for Initial Authentication (PKINIT) in Kerberos Protocol

Specifies the Microsoft extensions to the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) protocol and enables the use of public key cryptography in the initial authentication exchange (that is, in the Authentication Service (AS) exchange) of the Kerberos protocol [MS-KILE].


Authentication Protocol Domain Support

See section 2.2.1.


Simple and Protected Generic Security Service Application Programming Interface Negotiation Mechanism (SPNEGO) Protocol Extensions

See section 2.2.1.