Journal of Information Security Research Hikmat Farhat, Khalil Challita 2 2 2011 http://www.dline.info/jisr/fulltext/v2n2/1.pdf Web services are quickly becoming the most popular tool for distributed computing. Due to this popularity a comprehensive security architecture is needed. In this paper we introduced such a comprehensive architecture that includesin addition to the standard services of integrity and confidentiality- authentication, authorization and a defense against denial of service attacks. This model builds on existing standards such as SOAP, WSS and XACML. A detailed implementation with performance evaluation using the open source Apache tools is also discussed.