"Web services, by definition, are particularly vulnerable to breaches in security. The flow of potentially sensitive data not only between machines, but between enterprises and across untrusted networks, presents the need for special attention to areas such as message confidentiality, message integrity, authentication, and authorization. Additionally, since Web services are well suited to business-to-business communications and cooperation, there should be some way to enforce trust relationships between business partners. Finally, Web services are used not only by humans, but by other Web services as well. The high degree of automation required for interaction between Web services requires well-designed software architectures, preferably built upon well-designed standards.
"Since Web services are designed to be able to operate over HTTP, one can certainly employ HTTP-based security mechanisms such as HTTP authentication and SSL/TLS..."
