3.2.4 Message Processing and Sequencing Rules

For all of the following methods, before processing the method, the server SHOULD obtain the identity and authorization information about the client from the underlying DCOM or RPC runtime. All server methods SHOULD impose an authorization policy decision based on the client's identity and authorization information before performing the function.

The method SHOULD fail to complete if there is insufficient authorization.<16>

All of the parameters to IVolumeClient, IVolumeClient2, IVolumeClient3, IVolumeClient4, and IDMRemoteServer methods that are not specified as being used MUST be ignored by the server.