WebServices.Org has an interview with Even Maler of Sun Microsystems on the future of web services security:

Q: What should businesses and IT professionals know about the status of Web services security right now?

Web services are currently being secured in very traditional ways, to the extent that they're being secured at all. Web services on the Internet, as opposed to behind a firewall, might be secured with HTTPS SSL mechanisms, which are quite common in online individual purchase transactions. It does a fairly good job of protecting the contents of the message while in transit. However, in more complex Web services scenarios, this solution won't always be adequate. If many intermediaries are transacting with the messages as they go from initial sender A to ultimate receiver B, the simple SSL solution might not be adequate. The standards are not cooked yet for securing the content of the message and the channel in all the ways that people would want.

...via Phil Windley