A method and a system for authenticating a surrounding Web application by a Web application that is to be embedded, wherein it becomes possible for the Web application that is to be embedded to identify the surrounding Web application and for the surrounding Web application to authenticate itself, where a high security standard is provided through storage and evaluation of the necessary key material in the respective. Web server because the key material itself is not transmitted, but only authentication messages for the local use of the key material are instead transmitted.