Microsoft not only provides its own security products, but also uses third-party products. Before I examine Microsoft's own security services, therefore, I will describe the links it has to third-party products, how it provides those links, and what these products support which mechanisms in the list above. The main third-party products that Microsoft includes within its security framework are:

SSL SSL was introduced by Netscape and it has submitted the current version to an IETF (Internet Engineering Task Force) working group as an Internet Draft standard. SSL provides security services that are a combination of public key encryption, symmetric key encryption, and data integrity checking. It also includes authentication of the server and, optionally, the client's using both a user id/password approach and using the new public/private key encryption services.

Internet Explorer and Internet Information Server support SSL, which Microsoft has called Secure Channel services. Developers must use the Win32 APIs part of the ActiveX developer's kit to add secure channel support using this product.

Although Microsoft does support SSL, they also provide their own version of SSL called PCT (Private Communication Technology), which is supported in Explorer. PCT is based on SSL but separates the authentication mechanisms from the encryption mechanisms so that it is easier to export the technology.

CSPs The main CSP with which Microsoft is working is RSA Data Security, but it does have links...