So by now I'm sure you've all heard of Web Services and understand what the buzz in the industry is all about.

The initial push of Web Services, missed the boat a little on Security. Hence we now have within the WSE specification one of the main pillars, WS-Security.
 
The latest CTP of WSE 3.0 is available at the following link:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7591DFD2-E1B7-4624-9D5B-29C211D149FE&displaylang=en

Obviously all roads eventually lead to Indigo, which will be backward compatible with WSE 3.0:
http://msdn.microsoft.com/webservices/indigo/default.aspx

In recent months I have had several customers looking to use WS-Security, but there always seems to be some confusion when it comes to selecting a particular Security Token to use; UserName, X509 or Kerberos.

Keith Brown has written a good article on pros/cons of the UserName Security Token:
http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnwse/html/securusernametoken.asp

The main challenge is being given informed information/advice on how to protect Web Services, based on one of several scenarios. Well look no further, the Patterns and Practices team have been hard at work and are due to release said scenario based guidance in the next week or two. I have had the opportunity to read the pre-release documentation and they have done a very good job.

Check it out at the following link:
http://practices.gotdotnet.com/news/newsitem.aspx?id=67f659f6-9457-4860-80ff-0535dffed5e6&newsId=63e06f27-498a-4640-998a-98afa781d841