Earlier on int this blog, I've made several posts about Service Oriented Architecture, such as SOA means Business! or SOA's Business Value and also a couple of glib posts about "Web 2.0" such as Web 2.0 approaches.
(SOA is often mentioned by some commentators in the same breath as Web 2.0, but it's definitely not synonymous. In fact, SOA applications don't necessarily even have to run across the Web, though in many of not most cases they will. I'm obviously not the only one who thinks this, as indicated by tow recent posts: Can, or should SOA be implemented without web services? and TRUE or FALSE: SOA cannot be implemented without web services? )
Not to forget my own concept of "Web Pi" ... see "Web 2.0" and "Web Pi" -- Reject Reality and Substitute Your Own! By all means feel free to use the term and espouse the concept (if you're game), but it's a cynical enough concept for me to have a deep-seated psychological need to keep attribution to it!
Anyhow, one of the essential requirements of SOA is that all services must observe appropriate security.
And if you want to learn more about this, you'll be hard pressed tot find a better source than the new IBM Redbook Understanding SOA Security: Design and Implementation (Like all Redbooks, it's free.) So go download it and have a good read!