The purpose of Web services security architecture is to abstract out the details of message-level security from the mainstream business logic. Handling security within the core business services will make them very heavy and performance-intensive.
Various security models, built on top of existing standards and products, are currently being proposed to address the problem space. The most important development in this direction is the WS Security specifications, originally proposed by Microsoft and IBM. Now an OASIS-submitted specification, WS Security tries to define broad outlines to the overall security architecture built around Web services.