The promise of seamless Web Services interactions cannot occur without also introducing several new security practices. The technology industry is victim of a misconception that no security is needed inside the firewall, and that any externally exposed web service must necessarily use the complete set of security specifications to be protected. Neither belief is true; there are many ways to deploy secure XML Web services today, without waiting for all the specifications to become fully baked.

This paper outlines what these new requirements are and how managers can adopt these best practices pragmatically while avoiding wholesale forklift upgrades of existing infrastructure.