SSPI Context Semantics

A security context is the set of security attributes and rules in effect during a communication session. This includes such information as the identities of the principal and information on the keys, ciphers, and algorithms being used. For Security Support Provider Interface (SSPI), a security context is an opaque structure that is created through an exchange involving the InitializeSecurityContext (General) function and the AcceptSecurityContext (General) function.

For more information about the context attributes, see Context Requirements.

The SSPI model supports three types of security contexts.


A connection-oriented context is the most common security context, and the simplest to use. The caller is responsible for the overall message format and for the location of the data in the message. The caller is also responsible for the location of the security-relevant fields within a message, such as the location of the signature data.


A datagram-oriented context has extra support for DCE-style datagram communication. It can also be used generically for a datagram-oriented transport application.


The Microsoft Kerberos package does not support datagram contexts in user-to-user mode.


A stream-oriented context is responsible for the blocking and message formatting within the security package. The caller is not interested in formatting, but rather a raw stream of data.


Related topics

Context Requirements
Connection-Oriented Contexts
Datagram Contexts
Stream Contexts