Hi, I am trying to figure out how to handle authentication and data for client applications that will connect to each other. In other words, each client app would authenticate to... and use a central service to find out info about the other client so that they can connect directly. Specifically, what should I deploy to accomplish this and maintain security and privacy?
+1
A:
One way to implement this would be via SSL. Let us assume you have a client A that wishes to talk to client B via a central server C. Client A will first connect to C via SSL & will request info about client B. C will furnish B's info & will also send an encryption key over SSL for A to communicate with B. B will also periodically check with C over SSL for any communication requests from other clients. If there are any, it will download the respective key from C, again via SSL. Now A can directly communicate with B using the downloaded encryption key from C. This gives both privacy and security for client communications.
msvcyc
2009-06-29 16:51:16
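The exchange described in the answer above, as an added example that is not the answerer's code: an in-memory model of server C handing a per-session key to A and to the polling client B, who then use it with AES-256-GCM. The SSL/TLS channels to C are not modelled, and `Broker`, `requestSession`, `poll`, `seal`, `open` and the token scheme are hypothetical names and assumptions.

```javascript
// Added example: in-memory model of the A / B / C exchange. The SSL/TLS
// channels to C are not modelled; every name here is hypothetical.
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

class Broker { // central server C
  constructor() { this.clients = new Map(); this.pending = new Map(); }
  register(id, endpoint) {
    const token = randomBytes(16).toString('hex'); // stands in for real client authentication
    this.clients.set(token, { id, endpoint });
    this.pending.set(id, []);
    return token;
  }
  auth(token) {
    const c = this.clients.get(token);
    if (!c) throw new Error('unauthenticated');
    return c;
  }
  // A asks about B: C returns B's endpoint plus a fresh key for this session only.
  // C generates the key, so in this design C is able to read A-B traffic.
  requestSession(token, peerId) {
    const from = this.auth(token);
    const peer = [...this.clients.values()].find(c => c.id === peerId);
    if (!peer) throw new Error('unknown peer');
    const s = { sessionId: randomBytes(8).toString('hex'), key: randomBytes(32), from: from.id, to: peerId };
    this.pending.get(peerId).push(s);
    return { ...s, endpoint: peer.endpoint };
  }
  // B polls C and drains the requests (with their keys) waiting for it.
  poll(token) {
    return this.pending.get(this.auth(token).id).splice(0);
  }
}

// Direct A-to-B traffic: AES-256-GCM, with the session id and both client ids
// bound in as associated data so a packet cannot be replayed into another session.
const aad = s => Buffer.from(`${s.sessionId}|${s.from}|${s.to}`);
function seal(s, plaintext) {
  const iv = randomBytes(12); // fresh nonce per message
  const c = createCipheriv('aes-256-gcm', s.key, iv).setAAD(aad(s));
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]); // iv (12) | tag (16) | ciphertext
}
function open(s, packet) {
  const d = createDecipheriv('aes-256-gcm', s.key, packet.subarray(0, 12)).setAAD(aad(s));
  d.setAuthTag(packet.subarray(12, 28));
  return Buffer.concat([d.update(packet.subarray(28)), d.final()]).toString('utf8'); // throws if tampered
}
```
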