It means that a WS client does not send a username and password, but instead a cryptographic digital certificate to the server (e.g., an X-509 certificate). The WS-Security standard defines how this works for WS.
What would this authentication service do? If a certificate gets sent, all the WS (or rather, its WS-Security implementation layer) needs to do is check whether that user is authorized to access the service.
Joined: Dec 26, 2005
Where can i get more details regarding this ? ie the WS Security standards, a sample of how a cryptographic digital certificate and how to authenticate the user using the certificate ?