I’m reading up on it as of now..seems logical to ensure security on a message-level when using web services.

• Wikipedia - General information
• OASIS - The creators
• developerWorks - More info.
• WMB 6.1 - Implementation
• Best Practices for WSS Part1 & Part2 - Good reading!