SOA Service Design / Authentication

Question

I\'m rather new to SOA and therefore experimenting around.

Currently, the part that creates the biggest problem to me is authentication, my current thought about it invo

Answer 1

The best approach should be like this if all the services are internal,

1. The authentication service issues a token the the service client.
2. Service client includes the token in the SOA message wrapped in WS-Security or something similar.
3. The service should validate the token with authentication service before providing the service.

For external services, I suggest you look at federated solutions like SAML.