Authorization and Security for a web service

  I do enjoy when I get to branch out and do things I've never done before. We are getting deep into the planning stage of a new project that will be a web service to be consumed by an outside agency to integrate their data systems with ours. We will want there to be security and authorization so that our system has a reasonable assurance that the submitted data only comes from their system.  I'm pretty sure there are several ways to do this, but I have never done anything like it before.  So I'm hoping some of you can point me to any good information on what we need to think about?  How we might do this.  What the process and code might look like to implement.   Information along those lines. A couple of ideas that have already been raised.  We creating a public|private key that they use to connect to our server as well as standard user name|password authentication. Thanks Ian

Check out these presentations by Simone Free.  He's got some really good pointers in them. http://www.simonfree.com/presentations/cfobjective.html http://www.simonfree.com/presentations/cfunited-09---washington-dc.html http://www.simonfree.com/presentations/nashville-cfug.html Thanks, Eric Cobb ECAR Technologies, LLC http://www.ecartech.com http://www.cfgears.com Ian Skinner wrote: ----- Excess quoted text cut - see Original Post for more -----