Untrusted requests contain the name of a procedure to call and any applicable data. Untrusted requests can only run a single procedure, meaning that nested procedures cannot be called by a procedure specified in an untrusted request. In addition, the procedures called by an untrusted request must be marked as Public. When a request without explicit credentials is submitted from a COM or HTTP/Simple Object Access Protocol (SOAP) application, it is handled as an untrusted request. An untrusted request is authenticated based on its COM security context, as facilitated by Kerberos delegation.

An untrusted request is passed by the MPF Client to either a Provisioning Engine or the queue manager. Subsequently, one of the following API methods of a Provisioning Engine is invoked, as appropriate:

• IProvEngine::SubmitRequest - Invoked for requests submitted to a Provisioning Engine.
  
• IProvQueue::SubmitRequest - Invoked for requests submitted to the queue manager.