Interesting article on XML gateways, authentication / authorization and XML encrypting, signing, etc. The author points out some good guidelines in regard to XML document signing and encrypting and whether simply HTTPS is sufficient.

Are XML Gateways really the answer?