I have a problem and am not sure where to start, so I will just pose the issue.
We have hired a third party to host a retail web site, from which customers will order merchandise. When a user logs in or establishes a new user account, the third party (web host company) will send me to our corporate location the id (presumeably ssn) for authentication from our server.
We cannot allow the third party to connect directly to the DB on our server. So, I want to have them send an 'authentication request' of sorts. I would then look up the ID in our DB and send back a 'yes' or 'no' acknowledgement.
Since I do mostly client software and have had little exposure to web apps, what would be the approach that would make the most sense to pass this authentication request and response?