The following Common Secure Interoperability Version 2 (CSIv2) features are available in IBM WebSphere Application Server: Secure Sockets Layer (SSL) client certificate authentication, message layer authentication, identity assertion, and security attribute propagation.
Supports a downstream server in accepting the client identity that is established on an upstream server, without having to authenticate again. The downstream server trusts the upstream server.
Authenticates credential information and sends that information across the network so that a receiving server can interpret it.
Provides an additional way to authenticate a client to a server using SSL client authentication.
Supports the use of the authorization token to propagate serialized Subject contents and PropagationToken contents with the request. You can propagate these objects using a pure client or a server login that adds custom objects to the Subject. Propagating security attributes prevents downstream logins from having to make user registry calls to look up these attributes.
Propagating security attributes is also useful when the security attributes contain information that is only available at the time of authentication. This information cannot be located using the user registry on downstream servers.
Related concepts
Security attribute propagation
Authentication protocol for EJB security
Related reference
Secure Sockets Layer client certificate authentication
Message layer authentication
Identity assertion