users@glassfish.java.net

Re: How to define trust relationship between containers?

From: <glassfish_at_javadesktop.org>
Date: Tue, 10 Jun 2008 08:54:17 PDT

The ability to support trust rules in support of identity assertion is being added for Sailfin (to support JSR 289), and we will try to extend that capability to support trust configuration for EJB invocations.

At this time, I believe the configuration of trust rules for inter-container EJB invocations is limited to what can be accomplished in terms of defining trust roots for certificate validation at the SSL layer. Said another way, trust wrt the processing of CSIv2 identity assertions is presumed (as opposed to evaluated).

If you configure the IOR of your EJB to require trust in client at the transport layer, and to support identity assertion, that should cause the client container to establish a mutually authenticated SSL connection to the EJB container. The client container *should* assert the identity of its caller within that pipe.

Whether the client container will be allowed to establish the mutually authenticated pipe will depend on whether the respective containers trust each other's certificate. Trust in certificates as used in SSL trust validation is configured by adding the respective certificates to each other's store of trusted cert roots.

I think the following blog entry provides a good description of how to define the ior-security-config (see the SSL mutual auth example).

http://blogs.sun.com/swchan/entry/enterprise_java_bean_over_ssl

Ron
[Message sent by forum member 'monzillo' (monzillo)]

http://forums.java.net/jive/thread.jspa?messageID=279468
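The IOR configuration the reply describes (require trust in the client at the transport layer, and support identity assertion), written out as an added example; this is not part of the original post, and it assumes the sun-ejb-jar.xml element names from the GlassFish v2 sun-ejb-jar DTD and a hypothetical bean named TrustedBean:

```xml
<sun-ejb-jar>
  <enterprise-beans>
    <ejb>
      <ejb-name>TrustedBean</ejb-name>
      <ior-security-config>
        <transport-config>
          <integrity>required</integrity>
          <confidentiality>required</confidentiality>
          <!-- the calling container may validate this server's certificate -->
          <establish-trust-in-target>supported</establish-trust-in-target>
          <!-- "required" forces mutual SSL: the client container must present a
               certificate that chains to a root in this server's trusted cert store -->
          <establish-trust-in-client>required</establish-trust-in-client>
        </transport-config>
        <!-- no authentication-service layer credential is demanded of the caller;
             the mutually authenticated client container is the authenticated party -->
        <as-context>
          <auth-method>username_password</auth-method>
          <realm>default</realm>
          <required>false</required>
        </as-context>
        <!-- accept the caller identity the client container asserts inside that pipe;
             as the reply notes, trust in the asserting container is presumed, not evaluated,
             so it rests entirely on the transport-layer certificate check above -->
        <sas-context>
          <caller-propagation>supported</caller-propagation>
        </sas-context>
      </ior-security-config>
    </ejb>
  </enterprise-beans>
</sun-ejb-jar>
```

Because the identity assertion is accepted from any container that completes the mutual SSL handshake, the set of trusted cert roots in each container's truststore is the effective trust policy; keeping that store limited to the peer containers' certificates is what bounds who may assert identities.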