This document specifies the Remote Certificate Mapping Protocol. The Remote Certificate Mapping Protocol is used by servers that authenticate users via X.509 certificates, as specified in [X509]. This protocol allows the server to use a directory, database, or other technology to map the user's X.509 certificate to a security principal. This protocol returns the authorization information associated with the security principal in the form of a privilege attribute certificate (PAC), as specified in [MS-PAC], that represents the user's identity and group memberships. Throughout this document, little-endian format applies unless otherwise stated.
Sections 1.5, 1.8, 1.9, 2, and 3 of this specification are normative. All other sections and examples in this specification are informative.