WS Security (Score 3, Informative)

Well Microsoft, IBM and somebody else have released the WS Security "spec" (whitepaper) to address some security issues with SOAP, namely message-level digital signature and encryption. It's technically clean, if a little light on detail.

Things to note (strategic):

None of SOAP, WSDL, UDDI, and now WS Security are "Royalty Free".

SOAP isn't a de jure standard -- it's a W3C "note".

UDDI was supposed to move into an open standards body in 2001 but still hasn't.

By publishing WS Security on their websites and through no open standards body we see Microsoft, IBM and that other company abandoning even attempts to appear open.

On the technical side -- if you want to see a little deeper into the security issues left unsolved by SOAP, I recommend you look at the OASIS technical committee specification, ebXML Message Service Specification version 2.0 rev C.