Standards Implemented

Applies To: Windows Server 2003, Windows Server 2003 with SP1

Many of the security features in IIS implement Internet community standards. These standards facilitate uniformity and cross-platform use of applications and information. Microsoft is committed to working with the Internet and computer communities, both in helping to shape good standards and in implementing those standards. The following standards are implemented by IIS security features:

  • Secure Sockets Layer (SSL) 3.0. SSL 3.0 is a public key-based security protocol implemented by the Secure Channel (Schannel) security provider. SSL security protocols are used widely by Internet browsers and servers for authentication, message integrity, and confidentiality.

  • Basic authentication. This authentication method is part of the HTTP 1.1 protocol, as defined in RFC 2617, HTTP Authentication: Basic and Digest Access Authentication. It sends passwords over networks in Base64-encoded format. Most browsers support this specification.

  • Digest authentication. This authentication method uses the MD5 message-digest algorithm, as defined in RFC 1321, The MD5 Message-Digest Algorithm. It sends authentication information over networks as a hash and is compatible with proxy servers.

  • Public-Key Cryptography Standard (PKCS) #7. This security standard describes the format of encrypted data such as digital signatures or digital envelopes that contain information. Both of these are involved in the certificate features of IIS.

  • PKCS #10. This security standard describes the format of requests for certificates that are submitted to certification authorities.