The client and server components of a transport application can use a security package to establish a secure connection for transmitting messages. The first step in establishing a secure connection is to create a security context, which is an opaque data structure that contains the security data relevant to a connection, such as a session key, the duration of the session, and so on. A security context is essentially a message from the security package associated with the client to the security package associated with the server. Consequently, creating a security context typically requires both client and server to make calls to their respective security packages.
The client starts the creation of a security context by calling the InitializeSecurityContext function. Typically, this call to InitializeSecurityContext returns a status code indicating partial success. The client then uses a socket, serial line, or other transport, to transmit the output of this call to the server.
The server calls the AcceptSecurityContext function, passing as input the output that it received from the client. The security package uses this input to generate the security context and authenticate the message. The AcceptSecurityContext function can generate a reply message that the server must send back to the client.
The client receives this reply from the server, and then passes it to the security package by making another call to InitializeSecurityContext. Depending on the security package and the context requirements, the InitializeSecurityContext and AcceptSecurityContext calls, and the transmission of messages between the client and server, can go on repeatedly. In general, the client and server should continue to exchange messages until either the context is successfully established, or there is a definite error.