2.1 Transport

All remote procedure call (RPC) protocols use RPC dynamic endpoints as specified in Part 4 of [C706].

The NSPI Protocol uses the following RPC protocol sequences:

  • RPC over Named Pipes

  • RPC over HTTP

  • RPC over TCP

The protocol allows a server to be configured to use a specific port for RPC over TCP. The mechanism for configuring an NSPI server to use a specific port is not constrained by the NSPI Protocol. The mechanism for a client to discover this configured TCP port is not constrained by the NSPI Protocol.

This protocol MUST use the UUID F5CC5A18-4264-101A-8C59-08002B2F8426. The protocol MUST use the RPC version number 56.0.

This protocol SHOULD<2> indicate to the RPC runtime that it is to perform a strict Network Data Representation (NDR) data consistency check at target level 6.0, as specified in [MS-RPCE] section 3.

This protocol uses security information as described in [MS-RPCE]. The server MUST register one or both of the security providers NT LAN Manager Protocol (NTLM) and Kerberos. Additionally, the server MUST register the negotiation security provider.
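The interface identity and security-provider requirements above can be checked on the wire. The following is an added example, not part of the specification: it parses a connection-oriented RPC bind PDU (layout per [C706]), reports whether it binds the NSPI interface UUID at version 56.0, and names the security provider in the auth verifier (auth_type values per [MS-RPCE]). The function names `inspect_bind` and `sample_bind` are hypothetical, and the sample PDU is constructed, not captured traffic.

```python
import struct
import uuid

NSPI_UUID = uuid.UUID("F5CC5A18-4264-101A-8C59-08002B2F8426")
NSPI_VERSION = (56, 0)
# auth_type values from [MS-RPCE]: negotiation (SPNEGO), NTLM, Kerberos
AUTH_TYPES = {0x09: "negotiate", 0x0A: "ntlm", 0x10: "kerberos"}
PTYPE_BIND = 11

def inspect_bind(pdu: bytes):
    """Return (is_nspi, auth_provider) for one bind PDU, or None if malformed."""
    if len(pdu) < 28 or pdu[0] != 5 or pdu[2] != PTYPE_BIND:
        return None
    e = "<" if pdu[4] & 0x10 else ">"          # drep: integer byte order
    frag_len, auth_len = struct.unpack_from(e + "HH", pdu, 8)
    trailer = auth_len + 8 if auth_len else 0  # 8-byte sec trailer + token
    if frag_len != len(pdu) or trailer > frag_len - 28:
        return None
    body_end = frag_len - trailer
    is_nspi, off = False, 28                   # context list starts at byte 28
    for _ in range(pdu[24]):                   # n_context_elem
        if off + 24 > body_end:
            return None
        raw = pdu[off + 4:off + 20]            # abstract syntax UUID
        if_uuid = uuid.UUID(bytes_le=raw) if e == "<" else uuid.UUID(bytes=raw)
        (ver,) = struct.unpack_from(e + "I", pdu, off + 20)
        if if_uuid == NSPI_UUID and (ver & 0xFFFF, ver >> 16) == NSPI_VERSION:
            is_nspi = True
        off += 24 + 20 * pdu[off + 2]          # skip n_transfer_syn entries
    if off > body_end:
        return None
    auth = AUTH_TYPES.get(pdu[body_end], "other") if auth_len else "none"
    return is_nspi, auth

def sample_bind(if_uuid, major, minor, auth_type=None):
    """Constructed little-endian bind PDU for testing; not captured traffic."""
    ndr = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")  # NDR transfer syntax
    body = struct.pack("<HHIBBH", 4280, 4280, 0, 1, 0, 0)
    body += struct.pack("<HBB", 0, 1, 0) + if_uuid.bytes_le + struct.pack("<HH", major, minor)
    body += ndr.bytes_le + struct.pack("<I", 2)
    auth = b""
    if auth_type is not None:                  # 16 zero bytes stand in for the token
        auth = struct.pack("<BBBBI", auth_type, 6, 0, 0, 0) + b"\x00" * 16
    hdr = struct.pack("<BBBB4sHHI", 5, 0, PTYPE_BIND, 0x03, b"\x10\x00\x00\x00",
                      16 + len(body) + len(auth), len(auth) - 8 if auth else 0, 1)
    return hdr + body + auth
```

A result of `(True, "none")` marks an NSPI bind that carries no auth verifier, which is worth flagging because the protocol requires the client to authenticate to the server.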

The protocol does not require mutual authentication; the NSPI client and NSPI server MUST use an authentication mechanism capable of authenticating the client to the server. The protocol does not require that the NSPI client be capable of authenticating the NSPI server.

The protocol uses the underlying RPC protocol to retrieve the identity of the client that made the method call as specified in [MS-RPCE]. The server MAY<3> use this identity to perform access checks as specified in section 5 of this document.

The server MAY<4> enforce limits on the maximum RPC packet size that it will accept.