For my sins, I am in charge of developing a service for providing data to both our internal systems running .NET apps as well as external systems running PHP. For the sake of future-proofing, I want to ensure it is callable from Ruby as well.
My service will perform authentication and look up account details from a central user repository. So go to our PHP web front end, enter username/password and the PHP app calls my thing. Internally, it will be WCF over local TCP/IP; externally, web service, possibly WS-Security.
Obviously, we want to ensure this thing is only called by trusted callers. My initial inclination is to insist on some client certificate mechanism, but as I am a complete n00b outside of the .NET world, I need some advice.
Do current PHP/Ruby implementations of web service calls support caller client certs? I'm going to go ahead and assume the PHP/Ruby callers run on some standard, modern version of Linux. What are the pitfalls to watch out for? The last thing I want is to build this awesome thing, have our .NET callers work fine and then need to rebuild it/kludge something together to get it working for our PHP callers.
Any advice is appreciated.