I’m reading up on it as of now..seems logical to ensure security on a message-level when using web services.

• Wikipedia – General information
• OASIS – The creators
• developerWorks – More info.
• WMB 6.1 – Implementation
• Best Practices for WSS Part1 & Part2 – Good reading!