The use of security credentials and the concepts of single-sign-on and "identity" will play a big part in Web Service products as the technology matures and developers start writing true enterprise-grade line-of-business applications. The emerging XML security standards such as SAML are reviewed, along with the various "identity" standards such as Passport and Liberty, to provide an overview of the evolution of Web Service platform products to support these. This paper examines just how "identity aware" Web Service implementations need to be, and the value a Web Services platform can add in masking developers from the complexity in this area. Lessons are drawn from the experience of using EJB security technology for real-world security scenarios.