2.5.1 Summary of Supporting Actors and System Interests

The use cases of the Authentication Services protocols have the following supporting actors:

  • Account database: To authenticate client and server application identities, the Authentication Services protocols depend on the account database (account DB) as an identity store. Windows uses an account database implemented by means of Active Directory Services, as described in [MS-ADOD]. The account DB is on the same machine as the Authentication Authority (AA), so no network traffic occurs between them.

  • Public key infrastructure (PKI): To authenticate the identities of client and server applications that use certificate-based authentication mechanisms, the Authentication Services protocols use Windows PKI to verify digital certificates. They also use the symmetric and asymmetric cryptography services of Windows PKI to provide security services, such as encryption and signing algorithms, to the client and server applications. Windows implements PKI by means of Certificate Services [MS-CERSOD].