For explaining my situation, I will start with an example. Let's say there are two WS(WebService) clients A & B with trusted certificates. Now in normal excecution when both A & B make a call to WAS(Websphere application server) through SSL where my WebServices reside, WAS trusts both of them because of their trusted certificates and alows access to required WS. What we like to have is to allow only A not B to access WS on WAS, so after certificates verification is it possible to extracts user info (from WAS admin or Java way)which will be mapped to role defined in WAS for accessing WS. Any ideas? Thanks,