I would like to clarify one thing about SOAP security. My situation is like this:
there is a web service server and some web service clients that I need to bring up using SOAP. This web service will only be used with my own clients and, perhaps some other clients written by third parties. Howver, all clients will connect directly to the web service. And I need this system secured. There will be no intermediary (no other third party) web services between clients and my own web service. I believe that in this scenario, there is no need for WS-Security features. To my mind, all it takes is https and some method for authentication and authoriazation. Please explain to me why this is not right (if it is not right, of course).