Architectures and standards for securing Web services will evolve rapidly, but one consistent theme in the developing standards is the need to support a wide variety of scenarios.