In the distributed web-services model, messages are exchanged between collaborating parties. During this message exchange, end-to-end message security must be addressed. As we have seen in earlier examples of typical business processes, a message may hop between many participating service providers. XML provides a platform-independent and network-neutral format for data transport. However, such messages must be secured. There may be a need to encrypt sensitive data. Also, once a service requester sends a message for a service to a service provider, the service provider may ask for the sender’s identity. The request message should be able to transport the user credentials securely to the provider. Overall, message transport in a business ...