As with all other SOAP messages, there is a risk that a malicious user will intercept a message in a coordinated exchange either to steal data or to try to replay a CoordinationContext header with a malicious message request or specify a malicious registration service. Although the coordination context contains a Timestamp element that can be used to ward off such replay attacks, such sensitive communication over insecure media should be signed and encrypted using the methods described in WS-Security, which we discussed in Chapter 8. In addition, its necessary that the various services participating in a coordinated process negotiate some level of trust, whether at the domain level or using the methods described in WS-Trust and WS-SecureConversation.