IBM’s DeveloperWorks have a neat little article entitled Web services security, Part 1

The security methods discussed provide simple, but effective, solutions to secure your Web services transactions over HTTP. However, a word of caution. As the complexity of Web services transactions increases, these methods may become unsuitable. Consider, for example, that the methods discussed above would be unsuitable if the same SOAP messages were exchanged using SMTP (Simple Mail Transfer Protocol). Similarly, the solutions presented above might not be applicable if there were legitimate intermediaries present. In order to address these issues, a comprehensive WS-Security specification is being developed and standardized. The second article in this series will introduce the WS-Security specification and provide a detailed account of how it can be used to take the security of your Web services applications to the next level.

It mainly covers http basic authentication and https. Which are both simple, but it’s a pretty good little article. The next one covering WS-Security promises to be more interesting.

My own SOAP implementation that is currently part of XMLSignatures for Dom4J should theoretically be able to handle HTTPS. I‘m guessing adding Basic Authentication shouldnt be to hard. What I do need to look at is adding XMLSignature WS-Security support to it. It already supports most everything needed for it. Maybe in the next rev.