2.1.2 Client Security Settings

The client MUST choose the security settings as required by the Service Provider for a given Endpoint GUID. An Endpoint GUID is a unique GUID used to identify a set of RPC services provided by a Service Provider that are grouped together as a relevant whole. All services under an Endpoint GUID for a Service Provider share the same security requirements. A Service Provider MAY expose multiple Endpoint GUIDs and each MAY have different security requirements.

The WDS Control Protocol RPC client MUST use SSP security provided by RPC as specified in [MS-RPCE] when invoking a service of a Service Provider that requires authenticated clients for the Endpoint GUID. A client SHOULD authenticate using RPC_C_AUTHN_GSS_NEGOTIATE.

A client communicating to WDS Server using authentication MUST use RPC_C_AUTHN_LEVEL_PKT_PRIVACY. An unauthenticated client SHOULD use RPC_AUTHN_LEVEL_NONE.