Setting Up Mutual Authentication of Web Services
Early this week, I published an article, Mutual Authentication for Web Services: A Live Example, cowritten with Mark Basler, a senior staff engineer at Sun. The example application is Adventure Builder, an open-source project that's well-known within the Java community.
The article starts with explaining the philosophy behind setting up mutual authentication among Web services for the purpose of securing communications. It then walks you through the implementation process, which consists of two main procedures: exchanging digital certificates among participants and configuring endpoint deployment descriptors. Near the end of the article are debugging tips.
Mark Basler, a first-time coauthor of mine, was wonderful to collaborate with. He's knowledgeable, responsive, and helpful, which makes my job a breeze.