This week's book giveaway is in the Android forum.
We're giving away four copies of Head First Android and have Dawn & David Griffiths on-line!
See this thread for details.
The moose likes Web Services and the fly likes Certificate based authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Head First Android this week in the Android forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Certificate based authentication" Watch "Certificate based authentication" New topic

Certificate based authentication

Ramprasad Krishnamurthy

Joined: Dec 26, 2005
Posts: 7
Hi all,

Can some one tell me what is certificate based authentication and how it can be implemented as a service ? Iam trying to build a authentication service.

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42956
It means that a WS client does not send a username and password, but instead a cryptographic digital certificate to the server (e.g., an X-509 certificate). The WS-Security standard defines how this works for WS.

What would this authentication service do? If a certificate gets sent, all the WS (or rather, its WS-Security implementation layer) needs to do is check whether that user is authorized to access the service.
Ramprasad Krishnamurthy

Joined: Dec 26, 2005
Posts: 7
Where can i get more details regarding this ? ie the WS Security standards, a sample of how a cryptographic digital certificate and how to authenticate the user using the certificate ?

Thanks a lot

I agree. Here's the link:
subject: Certificate based authentication
It's not a secret anymore!