5.1 Security Considerations for Implementers

The Remote Certificate Mapping Protocol enables a user who holds an X.509 certificate and the corresponding private key to gain access to resources based on the group information associated with a given Active Directory account. Before performing the Remote Certificate Mapping Protocol, the Remote Certificate Mapping Protocol client must first authenticate the user using the X.509 certificate, because the authorization information returned by the Remote Certificate Mapping Protocol server enables the user to gain access to various resources.
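The ordering requirement above (authenticate the certificate holder first, hand out group information only afterwards) is easy to get wrong when the mapping call and the authentication step live in different code paths. The following Go program is an added illustration written for this page, not code from [MS-RCMP] or from any Microsoft implementation. It models the requirement at the type level: `mapCertificate` accepts only an `Identity`, and the only way to obtain an `Identity` is through `authenticate`, which validates the certificate chain and checks a proof of possession of the private key. The function names, the `Identity` type, the `directory` map and its SIDs, the ECDSA nonce signature used as the authentication mechanism, and the `newTestPKI` fixture are all constructed for the example; the specification does not prescribe how the client authenticates the user, and the Netlogon RPC transport is not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Constructed account directory (hypothetical): certificate Subject CN -> group SIDs.
// In the real protocol this information comes from Active Directory via the server.
var directory = map[string][]string{
	"alice": {"S-1-5-21-0-0-0-513", "S-1-5-21-0-0-0-1105"},
}

// Identity is produced only by authenticate; mapCertificate accepts nothing else,
// which enforces the "authenticate before mapping" ordering at the type level.
type Identity struct{ Cert *x509.Certificate }

// signNonce is the client's proof of possession: sign a server nonce with the
// private key that belongs to the certificate (constructed mechanism).
func signNonce(key *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// authenticate validates the chain against the trusted roots and checks the
// nonce signature, so a bare certificate without its key yields no Identity.
func authenticate(roots *x509.CertPool, cert *x509.Certificate, nonce, sig []byte) (*Identity, error) {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return nil, fmt.Errorf("chain validation failed: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return nil, errors.New("unsupported public key type")
	}
	digest := sha256.Sum256(nonce)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return nil, errors.New("proof of possession failed")
	}
	return &Identity{Cert: cert}, nil
}

// mapCertificate stands in for the mapping request: authorization data is
// returned only for an identity that authenticate produced.
func mapCertificate(id *Identity) ([]string, error) {
	if id == nil || id.Cert == nil {
		return nil, errors.New("refusing to map an unauthenticated certificate")
	}
	groups, ok := directory[id.Cert.Subject.CommonName]
	if !ok {
		return nil, errors.New("no account for certificate subject")
	}
	return groups, nil
}

// issue creates and parses a certificate from a template (test fixture helper).
func issue(tmpl, parent *x509.Certificate, pub interface{}, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// newTestPKI builds a constructed CA and a client certificate for cn so the
// example runs offline; it returns the trust pool, the leaf and its key.
func newTestPKI(cn string) (*x509.CertPool, *x509.Certificate, *ecdsa.PrivateKey) {
	now := time.Now()
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caCert := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	leafCert := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, caCert, &leafKey.PublicKey, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return roots, leafCert, leafKey
}

func main() {
	roots, cert, key := newTestPKI("alice")
	nonce := []byte("constructed-server-nonce")
	sig, _ := signNonce(key, nonce)
	id, err := authenticate(roots, cert, nonce, sig)
	if err != nil {
		panic(err)
	}
	groups, _ := mapCertificate(id)
	fmt.Println("groups for", cert.Subject.CommonName, groups)
}
```

Running the program prints the two constructed group SIDs for `alice`. The design point is that a caller with a certificate but no proof of possession, or with a certificate chaining to an untrusted root, never reaches `mapCertificate`: the authorization data cannot be requested for a certificate that was merely presented.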

The Remote Certificate Mapping Protocol itself has no built-in security mechanisms to provide authentication or to assure the confidentiality and integrity of the message exchange between the Remote Certificate Mapping Protocol client and the Remote Certificate Mapping Protocol server. Instead, it relies on the security mechanisms specified in [MS-RPCE] that protect the Netlogon remote procedure call (RPC) interface, as specified in [MS-NRPC], which transports the Remote Certificate Mapping Protocol request and response messages.