Thanks for the link. It says one should use SSL in combination with Digital Certificates to counter all possible security threats. SSL & Digital Certificates are widely used for on-line transactions and many commercial sites are running for long. Then why do we see so much focus on security issue in the case of SOAP ? The transactions are still the same except that data is sent in text format (which can always be ciphered) over the chosen transport protocol (Http, FTP, SMTP etc). Can somebody throw some light on this topic ?