On a recent client engagement we adopted SOAP over HTTP as our preferred communication channel for Web Service consumers. Since the transport protocol was HTTP, our next requirement was to setup HTTP Basic Authentication and role-based authorization. We tend to prefer simpler transport-level authentication over WS-Security which is overkill for most situations.