on a side note, how is it possible to check authenticity of who you are serving?, when the rule is to allow only certain clients of your webservice to be serviced??(we can always add encrypted additional fields generated by common key + Rijndael algorithms; but kind of adds lot of unnecessary coupling and dependability)