Digest authentication supports client authentication to servers (based on the user's name and password) and server authentication to the client.
Windows implements the digest access authentication for HTTP/1.1 as specified in [RFC2617]. Windows also implements digest authentication as a Simple Authentication and Security Layer (SASL) mechanism, as specified in [RFC2831].
Higher-Layer protocols such as Lightweight Directory Access Protocol (LDAP) ([RFC2251]) employ digest authentication as an SASL mechanism. The Windows implementation is compliant with digest authentication, as specified in [RFC2617] and [RFC2831].
This protocol is also how Windows implements optional fields and behaviors (specified by keywords such as MAY or SHOULD) and how Windows implements support for older clients and servers that exhibit nonconforming behavior to [RFC2617] and [RFC2831].
Sections 1.8, 2, and 3 of this specification are normative and can contain the terms MAY, SHOULD, MUST, MUST NOT, and SHOULD NOT as defined in [RFC2119]. Sections 1.5 and 1.9 are also normative but do not contain those terms. All other sections and examples in this specification are informative.