Security Goals
Integrated security services with Windows NT Directory Service
Delegated administrationand scalability for large domains
Strong networkauthentication protocols
Standard protocols for interoperability of authentication
Notes:
Single Enterprise-wide Login - Users login once to gain access to all network resources in the local network (campus) environment or enterprise-wide services available over public networks.
Decentralized Administration and Large Domains - Allow delegation of administration to smaller organizational units within domains and increase scalability of single master and multi-master domains to much larger organizations.
Integrated with Directory Service - Users and groups are objects in the DS rather than implemented in a separate security database. Security objects are implemented using the same infrastructure for managing computers, services, and other system components.
Multiple Security Authorities - The Security Support Provider Interface based on GSSAPI, isolates applications and NT system services from implementation details of specific security protocols. Windows NT supports targeted authentication services that complement NT authentication.
Authenticated DCOM/RPC - Integrated NT security with core distributed application infrastructure makes Windows NT the best application development platform available anywhere. Support for SSL/PCT by RPC runtime enables secure channel distributed applications based on public key credentials.