How do we implement a security for web services? Since service components are either loosley coupled or have no client session tracking like web based clients. What happens once a client is authorized and either tries to invoke a service method or looses connection and reconnects?
Since WS are generally stateless, you'd need to send the authentication details with every call. But since that's usually being done by a handler that's independent from the actual WS invocation code, it wouldn't complicate the client code.