Security is a major quality of service (QoS) requirement for QoS enabled web services. You can provide security for web services in several ways, two of which include transport layer security and message level security.
Transport-level security is based on a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) and is used to protect HTTP message contents point to point.
Message-level security protects the SOAP contents that are contained within an HTTP message for a web service.