Are you certain that you need to optimize this? By that I mean whether you have timed the execution of the WS including security, and found that they take too long for the user to endure?
I'm asking because, yes, there's an overhead, but I'd want to be sure that it matters before doing anything about it.
the admin needs to pass through the authentication and authorization process. This seems to be chatty.
I'm not sure what you mean by this. The credentials entered by the human being can be remembered by the client app, so the person doesn't need to go through it more than once. What is "chatty" about that? WS-Security info is tacked onto the
SOAP call, so it's not like there are additional WS calls to be made.