At this point in the book, you have learned a great deal about what is required to secure a Web service using the many different available security options such as WS-Security, Security Assertion Markup Language (SAML), and so forth. Even if you did not read this chapter on WS-Policy, you could secure Web services using these technologies, and with some hard work and vigilance, you could successfully implement secure Web services.

Although you could implement secure Web services this way, and although many of the current Web services implementations will take just this approach, how will users of your Web service know the security requirements your Web service has? Similarly, if you want to use ...