Separate sets of standards will eventually come together. Until then, companies that need to implement new secure Web services should make minimal architecture investments.