I have blogged at a high level about some work I am doing on security aspects in SOA and Web Services. Service Oriented Security (SOS) architecture defines a set of architectural views, their key consituents, constraints, and relationships. As the SOA space continues to evolve our software security models will also need to adapt to these new realities that change or make obsolete (and in some cases breathe new life into) security mechanisms we have relied on over the years.
Initial high level overview of SOS architectural views: http://1raindrop.typepad.com/1_raindrop/2005/03/sos_service_ori.html I will also be doing a presentation at OWASP Europe on this, and will forward slides if people are interested. -Gunnar