users@glassfish.java.net

Appropriate security mechanism for this case?

From: <glassfish_at_javadesktop.org>
Date: Thu, 02 Oct 2008 10:48:48 PDT

I need to create few web services that will be accessed by several clients. I want to authenticate and authorize the clients, so for example UsernameToken with separate credentials for each client would be fine. Instead, I would like to use certificates instead of usernames and passwords. So then there would be separate certificate for each client and each certificate must only be allowed to access certain web service.

Which is the correct security mechanism for this: Mutual Certificates Security, Endorsing Certificate or maybe some else? How do I recognize the certificate used to access the server to do authorization?
[Message sent by forum member 'pboro' (pboro)]

http://forums.java.net/jive/thread.jspa?messageID=303001