An authentication method and system is provided for asynchronous eventing between a client and a server over the Internet. In a subscription phase, the client sends a subscription request to the server to express interest in receiving notifications associated with one or more particular events that may asynchronously occur on the server. The client authenticates the server by checking the identity of the server, and if the client determines that the server can be trusted, the client subscribes the notifications, otherwise, the client does not subscribe. After a successful subscription, in a notification phase, the server notifies each client that has subscribed for a particular type of event. Each client upon receiving a notification, authenticates the server by verifying that the received notification is sent by the server with which the client subscribed for the notification.