A new article popped up on MSDN the other day which covers the basics of the WS-Security specification. I like the article because the author starts off by explaining why the WS-Security specification was needed and gives good real world examples of where it's applicable. The author then describes the WS-Security SOAP header and how it is intended to be processed. Finally, the author delves into the guts of the spec and gives more detail on the various forms of signing and encryption that can be used.