I need to provide some Web Services to a customer, who will call these Web Services from a Win32 desktop application. The exposed Web Services need to be protected, however, and anyone calling them other than my customer should get rejected. Does anyone have any insight on how this is achieved? Also, what would the customer have to do/install in order to call these secured Web Services? Our infrastructure is WebSphere 4.0 and we use SiteMinder for securing our extranet web sites.