One limitation of WS-Security, as compared to SSL and other options, is that it can only be used with WS-* web services (SOAP based services). This is a limitation because although SOAP-based web services are a popular option for implementing SOA, they aren’t the only option. Also, if you use WS-Security for all the messages, it’s likely to be slower than SSL because SSL can work at the bit level and be streamed, whereas WS-Security requires complete messages.
WS-Security limitations/restrictions to consider
Share this highlighthttp://www.safaribooksonline.com/a/soa-patterns/285613/