Misunderstand and misuse of <i>Web Services Security</i> standards for applications will lead to over-engineering, poor-performance, bad-interoperability, and even insecure Web Services messages.</p> <p> This session will demystify the <b>Web Services Security</b> standards in doing SOA/Web Services message security. It will illustrate common mistakes and pitfalls in deploying Web Service security, such as Web Services security is too heavy to use, and keep it simple will be more secure.</p> <p> The session will also demonstrate use cases that use new technologies and standards, such as WS-SecurityPolicy, WS-Trust and WS-SecureConversation that reduce the risk and increase interoperability. The Web Services security is not just XML signature and encryption any more. </p> <p> If no interoperability, there will be no Web Service security. However, the interoperability will not be achieved automatically. This session will discuss interoperability issues and solutions when use standards Web Service Security to protect cross-platform SOA applications.</p> <p> Last but not the least, this session will talk about using <b>Web Services Security</b> technologies to protect Software as a Service (<b>SaaS</b>) in the <b>Cloud</b>. What security issues in the Cloud, and how WS-Security can help for the SaaS in the Cloud.