Architecture of Outlook Web Access with the S/MIME Control

It is helpful to understand the architecture of Outlook Web Access with the S/MIME control at a high-level before discussing the specifics of implementing and using it. Understanding the architecture will help you understand how the specific pieces fit together.

As with Outlook Web Access, Outlook Web Access with the S/MIME control relies on the interaction of the Web browser and the Exchange server to provide the functionality for an e-mail client. The functionality of Outlook Web Access with the S/MIME control differs from Outlook Web Access without the S/MIME control because the S/MIME control provides a fully functional S/MIME e-mail client. The S/MIME control is designed to integrate seamlessly with Microsoft Internet Explorer 6.0 or later. Internet Explorer 6.0 is required so that the S/MIME control can take advantage of security enhancements. The S/MIME control is a Component Object Model (COM) object that also uses dynamic HTML (DHTML) to support the basic message security services: digital signatures and message encryption.

The user's client system and the user's Exchange server handle different aspects of digital certificates, depending on the digital certificate operation that is required. Outlook Web Access with the S/MIME control on the user's client system handles digital certificates that contain the user's private keys, but never sends the private keys to the Exchange server. The user's Exchange server handles digital certificates that contain other users' public keys. The user's Exchange server validates all digital certificates that contain both public and private keys by validating their expiration dates, validating the trust relationships, and checking their revocation status. Because of the processing required to handle digital certificates for public keys and for validating all certificates, this design (where the bandwidth-intensive processes are performed by the Exchange server) makes Internet-based access faster and more reliable for the client. Alternatively, the processor-intensive cryptography operations are on the local client. By keeping digital certificates with private keys on the client system, this design also ensures that private keys are never passed over the network. The following figure shows the architecture of Outlook Web Access with the S/MIME control.

Outlook Web Access with the S/MIME control architecture