The SOA world enjoys a, let's say, overabundance of standards, with the Web Services (WS-*) stack in particular seeming to continuously grow to encompass every possible SOAP use case. However, relatively few standards are specifically designed for security, and those that do all build on top of one another. The foundations are now complete and mature, but the higher levels are still works in progress.
Photograph by Tim Flach/Stone/Getty Images
SOA Security: One Treacherous Journey