Authentication

Authentication is used to ensure that parties within a business transaction are really who they claim to be; thus proof of identity is required. This proof can be claimed in various ways:

One simple way is to present a user identifier and a password. In the WS-Security domain this is referred to as a username token.

A more complex way is to use an X.509 certificate issued by a trusted certificate authority.

The certificate contains identity credentials and has a private/public key pair associated with it. The proof of identity presented by a party includes the certificate itself and a separate piece of information that is digitally signed using the private key associated with the certificate. By validating the signed information using the public key in the party's certificate, the receiver can authenticate the sender as the owner of the certificate, thereby validating the sender's identity.

Two WS-Security specifications, the Username Token Profile 1.0/1.1 and the X.509 Certificate Token Profile 1.0/1.1, describe how to use these authentication mechanisms with WS-Security.

ibm.com/redbooks