Yii Web Service authentication

So far when searching through the forums and quite poor documentation of Yii, I cannot find proper information about Web Services.

I have created a web service which another web service (using another platform) can connect to. So far so good. But the only thing I can find about web service authentication in Yii is when the web service is to be consumed through a website.

I’m thinking of a two level security:

a. For each request sent by the client, a username and password are sent together with the data. This is done via SSL to ensure the traffic is encrypted.

b. The client has to authenticate using a certificate in order to even be able to send anything.

My questions to you are:

  1. Is this two level approach secure enough?

  2. Where can I find examples or tutorials of best practices regarding this approach?

Please help me!