I would like to hear from others on level of details that we need to provide to secure web services consumed by SuD.
a) Assuming I want to restrict it to basic authentication and some transport level security what should be covered and how (Sequence diagram, Notes etc)?
b) Do I really need to use WS-Security? If yes how do I need to demonstrate generation/propagation of wsse:UsernameToken to service provider? What else should be covered?