The Security Support Provider Interface (SSPI) allows an application to use any of the various security models available on a computer or network without changing the interface to the security system. SSPI does not establish credentials (logon), because that is generally a privileged operation handled by the operating system.
A security provider is a dynamic-link library that implements the Security Support Provider Interface to make one or more security packages available to applications. Each security package provides the necessary mapping between the SSPI and the actual security model, such as Kerberos or Microsoft LAN Manager.
An application can use the package management functions to list the security packages available and select one to support its needs. The application then uses the credential management functions to obtain a handle to the credentials of the user on whose behalf it is executing. With this handle, the application can use the context management functions to create a security context to a service. A security context is an opaque data structure that contains the security data relevant to a connection, such as a session key, the duration of the session, and so on. Finally, the application uses the security context with the message support functions to ensure message integrity and privacy during the connection.
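The four steps above, as an added C example that is not code from the original page: one process plays both the client and the service, so the token exchange can be followed end to end. The `Negotiate` package, the NULL target name, the buffer sizes and the function name `sspi_loopback` are assumptions made for this illustration; a real client passes the service's SPN as the target name.

```c
/* Added example, not from the original page. MSVC links secur32 via the pragma; MinGW: -lsecur32. */
#ifdef _WIN32
#define SECURITY_WIN32
#include <windows.h>
#include <security.h>
#pragma comment(lib, "secur32.lib")
#endif
#include <stdio.h>
/* Returns 0 if a context is established and a signed message verifies, 1 on failure, -1 where SSPI is absent. */
int sspi_loopback(void) {
#ifdef _WIN32
    static BYTE ctok[65536], stok[65536], sig[256];  /* assumed to exceed cbMaxToken / cbMaxSignature */
    char pkg[] = "Negotiate", msg[] = "constructed sample message";
    CredHandle ccred, scred; CtxtHandle cctx, sctx; TimeStamp exp;
    SecBuffer cb = { 0, SECBUFFER_TOKEN, ctok }, sb = { 0, SECBUFFER_TOKEN, stok };
    SecBufferDesc cd = { SECBUFFER_VERSION, 1, &cb }, sd = { SECBUFFER_VERSION, 1, &sb };
    SecBuffer mb[2] = { { (ULONG)sizeof msg, SECBUFFER_DATA, msg }, { (ULONG)sizeof sig, SECBUFFER_TOKEN, sig } };
    SecBufferDesc md = { SECBUFFER_VERSION, 2, mb };
    SECURITY_STATUS cs = SEC_I_CONTINUE_NEEDED, ss = SEC_I_CONTINUE_NEEDED;
    PSecPkgInfoA pkgs; ULONG n, i, attr, qop; int rc = 1; SecInvalidateHandle(&cctx); SecInvalidateHandle(&sctx);
    if (EnumerateSecurityPackagesA(&n, &pkgs) != SEC_E_OK) return 1;   /* 1. package management */
    for (i = 0; i < n; i++) printf("%-24s cbMaxToken=%lu\n", pkgs[i].Name, pkgs[i].cbMaxToken);
    FreeContextBuffer(pkgs);
    if (AcquireCredentialsHandleA(NULL, pkg, SECPKG_CRED_OUTBOUND, NULL, NULL, NULL, NULL, &ccred, &exp) != SEC_E_OK) return 1; /* 2. credentials */
    if (AcquireCredentialsHandleA(NULL, pkg, SECPKG_CRED_INBOUND, NULL, NULL, NULL, NULL, &scred, &exp) != SEC_E_OK) { FreeCredentialsHandle(&ccred); return 1; }
    while (cs == SEC_I_CONTINUE_NEEDED || ss == SEC_I_CONTINUE_NEEDED) {  /* 3. context: swap tokens until both sides finish */
        if (cs == SEC_I_CONTINUE_NEEDED) {   /* client leg; input is the server's last token, if any */
            cb.cbBuffer = sizeof ctok;
            cs = InitializeSecurityContextA(&ccred, SecIsValidHandle(&cctx) ? &cctx : NULL, NULL, ISC_REQ_INTEGRITY, 0,
                     SECURITY_NATIVE_DREP, SecIsValidHandle(&cctx) ? &sd : NULL, 0, &cctx, &cd, &attr, &exp);
            if (cs != SEC_E_OK && cs != SEC_I_CONTINUE_NEEDED) break;
        }
        if (ss == SEC_I_CONTINUE_NEEDED) {   /* server leg; input is the client's token */
            sb.cbBuffer = sizeof stok;
            ss = AcceptSecurityContext(&scred, SecIsValidHandle(&sctx) ? &sctx : NULL, &cd, ASC_REQ_INTEGRITY,
                     SECURITY_NATIVE_DREP, &sctx, &sd, &attr, &exp);
            if (ss != SEC_E_OK && ss != SEC_I_CONTINUE_NEEDED) break;
        }
    }
    if (cs == SEC_E_OK && ss == SEC_E_OK && MakeSignature(&cctx, 0, &md, 0) == SEC_E_OK  /* 4. client signs msg */
        && VerifySignature(&sctx, &md, 0, &qop) == SEC_E_OK) rc = 0;                    /*    server verifies it */
    if (SecIsValidHandle(&cctx)) DeleteSecurityContext(&cctx);
    if (SecIsValidHandle(&sctx)) DeleteSecurityContext(&sctx);
    FreeCredentialsHandle(&ccred); FreeCredentialsHandle(&scred);
    return rc;
#else
    return -1;
#endif
}
int main(void) { return sspi_loopback() == 1; }
```

Neither side ever handles a password or key directly: the credentials and the session key stay behind the opaque handles, which is why the handles must be released with `DeleteSecurityContext` and `FreeCredentialsHandle`.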