Can someone tell me what certificate-based authentication is and how it can be implemented as a service? I am trying to build an authentication service.
It means that a WS client does not send a username and password, but instead a cryptographic digital certificate to the server (e.g., an X.509 certificate). The WS-Security standard defines how this works for WS.
What would this authentication service do? If a certificate gets sent, all the WS (or rather, its WS-Security implementation layer) needs to do is check whether that user is authorized to access the service.
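The authorization step described in the answer above, as an added example that is not part of the original thread: it extracts the X.509 `wsse:BinarySecurityToken` from a SOAP header and checks the certificate's fingerprint against an access list. It assumes the WS-Security layer has already verified the message signature and the certificate chain; the function names, the ACL layout, the operation names and the stand-in certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
B64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
# Constructed stand-in bytes, NOT a real DER-encoded certificate.
SAMPLE_CERT = b"constructed-stand-in-for-DER-certificate-bytes"

def build_sample_request(cert_der):
    """Constructed SOAP request carrying the certificate as a BinarySecurityToken."""
    token = base64.b64encode(cert_der).decode()
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}"><s:Header><wsse:Security>'
            f'<wsse:BinarySecurityToken ValueType="{X509V3}" EncodingType="{B64}">'
            f'{token}</wsse:BinarySecurityToken></wsse:Security></s:Header>'
            f'<s:Body/></s:Envelope>')

def fingerprint(cert_der):
    return hashlib.sha256(cert_der).hexdigest()

def extract_certificate(soap_xml):
    """Return the raw certificate bytes from the WS-Security header, or None."""
    # For untrusted input in production, parse with a hardened XML parser.
    try:
        root = ET.fromstring(soap_xml)
    except ET.ParseError:
        return None
    path = f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}BinarySecurityToken"
    tokens = root.findall(path)
    if len(tokens) != 1:  # no token, or an ambiguous request: refuse
        return None
    tok = tokens[0]
    if tok.get("ValueType") != X509V3 or tok.get("EncodingType") != B64:
        return None
    try:
        return base64.b64decode((tok.text or "").strip(), validate=True)
    except ValueError:
        return None

def is_authorized(soap_xml, operation, acl):
    """acl maps a certificate SHA-256 fingerprint to its set of permitted operations."""
    # Assumption: signature and chain validation already succeeded upstream.
    cert = extract_certificate(soap_xml)
    if not cert:
        return False  # fail closed
    return operation in acl.get(fingerprint(cert), set())
```

A certificate is public data, so this lookup is only meaningful once the signature check has proven the sender holds the matching private key.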