While WS-Security provides the core functionality needed to secure SOAP messages, it does not address how trust is obtained and propagated, and it lacks mechanisms that can be used for securing conversations. This is by design, and keeping WS-Security lean is good, modular design. We have seen that WS-Trust and WS-SecureConversation fill in the gaps, including many missing, higher- level security functionalities. Using WS-Trust, it would not be overly difficult to write Web service front-ends to distribute X.509 certificates, Kerberos tickets, or any other custom security token. While WSE does not implement these types of STSs directly, it will certainly be used to do so. WSE does provide a reliable, full-features implementation of the security context token service, as described in WS-SecureConversation, that I have demonstrated can be used with only minimal configuration out of the box.