Is security for web services really all that different from security in other contexts? The author of Web Services Security tells it like it is. Which standards are fully cooked, and which should you avoid? What kinds of attacks will web services be vulnerable to? Are application/XML firewalls the answer?