The Vibro.NET blog has a great post about certificate-based security in the XML Web Services world. Based on my personal experience with certificates and WS-Sec, this is worth reading: Why you should consider WS-Trust... I'm pretty sure that the ideas presented are something that I will include within my company's SOA planning.
