In the business-to-business scenario, the service and its clients are disparate business entities. They do not share credentials or accounts, and the communication between them is typically closed to the public. There are relatively few clients interacting with the service, and the client can only interact with the service after an elaborate business agreement and other conditions have been met. Instead of Windows accounts or usernames, the clients identify themselves to the service using X509 certificates. These certificates are usually known a priori to the service. The client or service may not use WCF or even Windows. If you are writing a service or a client, you cannot assume the use of WCF at the other end. The client calls originate from outside the firewall, you need to rely on HTTP for transport, and multiple intermediaries are possible.
For the business-to-business scenario, you should use the Internet bindings; namely, WSDualHttpBinding. You must use Message security for transfer security to provide for end-to-end security across all intermediaries. The message will be protected using a service-side certificate, just as with the Internet scenario. However, unlike the Internet scenario, the clients provide credentials in the form of a certificate. This is done uniformly across these bindings by selecting MessageCredentialType.Certificate for the client credentials ...
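
A service-side configuration matching this description, as an added example rather than configuration from the original text. The binding, behavior, service, contract and certificate subject names are placeholders, and PeerTrust validation against the TrustedPeople store is an assumption chosen because the client certificates are known to the service in advance.

```xml
<!-- Added example: service-side app.config fragment. All names are placeholders. -->
<system.serviceModel>
  <bindings>
    <wsDualHttpBinding>
      <binding name="B2BCertificateSecurity">
        <!-- Message security protects the SOAP message end to end,
             so intermediaries on the HTTP path cannot read or alter it -->
        <security mode="Message">
          <!-- Clients present an X509 certificate instead of an account -->
          <message clientCredentialType="Certificate" />
        </security>
      </binding>
    </wsDualHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="B2BCredentials">
        <serviceCredentials>
          <!-- Service-side certificate used to protect the message
               (placeholder subject name) -->
          <serviceCertificate findValue="MyServiceCert"
                              storeLocation="LocalMachine"
                              storeName="My"
                              x509FindType="FindBySubjectName" />
          <clientCertificate>
            <!-- Assumption: accept only client certificates that were
                 installed in the TrustedPeople store ahead of time -->
            <authentication certificateValidationMode="PeerTrust"
                            trustedStoreLocation="LocalMachine" />
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <services>
    <service name="MyNamespace.MyService"
             behaviorConfiguration="B2BCredentials">
      <endpoint address="http://localhost:8000/MyService"
                binding="wsDualHttpBinding"
                bindingConfiguration="B2BCertificateSecurity"
                contract="MyNamespace.IMyContract" />
    </service>
  </services>
</system.serviceModel>
```

With PeerTrust, a client whose certificate is not already in the service's TrustedPeople store is rejected even if the certificate chains to a trusted root, which keeps the set of callers limited to partners that were explicitly onboarded.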