"Rather than thinking of how to implement security in each part of the web services Morris suggested implementing security as web services themselves. He advocated security in depth by using existing features like directories and web access authorization and the like (which makes sense, no reason to re-invent the wheel time and time again). XML introduces a lot of new security threats like SQL injection through XML payload, XPath Injection, unexpected attachments (and how to deal with those), malformed XML etc."