Security is required whenever we want to only let a small set of users use a service. The small set can be as small as one or it can be as large as thousands of subscribers whom we allowed to use the service. Web Services usually fall into the second category because we do not simply expose functionality when we do not want to let more than one user access it.
So basically, we need all sorts of security measures that we had in a web application present in the Web Services realm. These requirements are as follows: