Security requires an end-to-end perspective, not just a point-to-point one. What matters is not only the exchange of data between the client and the server, but the entire path that the data takes. This includes not only technologies, but also operational processes.
Do not encrypt the entire message. Due to the overhead of encryption and decryption, only encrypt what needs to be encrypted. Encrypt data meant for different people using different keys. The advantage of using XML Encryption is that it supports both of these requirements.
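One way to check these two rules on a received message, as an added example that is not part of the original text: the audit below confirms that each sensitive part is an XML Encryption EncryptedData element under the key expected for its recipient, and that the message as a whole was not encrypted. The Order, Payment and Prescription elements, the key names and the policy format are hypothetical.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"   # XML Encryption namespace
DS = "http://www.w3.org/2000/09/xmldsig#"    # XML Signature namespace (KeyInfo)

# Constructed sample: payment and prescription parts encrypted for different
# recipients. Cipher values are placeholders, not real ciphertext.
SAMPLE = f"""<Order xmlns:xenc="{XENC}" xmlns:ds="{DS}">
  <Item>Insulin pump</Item>
  <Payment>
    <xenc:EncryptedData Type="{XENC}Element">
      <ds:KeyInfo><ds:KeyName>bank-key</ds:KeyName></ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
  </Payment>
  <Prescription>
    <xenc:EncryptedData Type="{XENC}Element">
      <ds:KeyInfo><ds:KeyName>pharmacy-key</ds:KeyName></ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
  </Prescription>
</Order>"""

POLICY = {"Payment": "bank-key", "Prescription": "pharmacy-key"}  # hypothetical

def audit(xml_text, policy):
    """policy maps a wrapper element name to the key name of its recipient."""
    # For untrusted input, use a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    if root.tag == f"{{{XENC}}}EncryptedData":
        return ["whole message is encrypted; parts cannot be read separately"]
    findings = []
    for wrapper, expected_key in policy.items():
        part = root.find(wrapper)
        if part is None:
            findings.append(f"{wrapper}: missing")
            continue
        enc = part.find(f"{{{XENC}}}EncryptedData")
        if enc is None:
            findings.append(f"{wrapper}: present in cleartext")
            continue
        key = enc.findtext(f"{{{DS}}}KeyInfo/{{{DS}}}KeyName")
        if key != expected_key:
            findings.append(f"{wrapper}: key {key!r}, expected {expected_key!r}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, POLICY) or "message matches policy")
```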
Keep signatures inline with the information that they sign. Signed documents are important not only during transmission between parties, but also as a means to prove and enforce accountability and liability. For that purpose, signed documents must be easy to archive, so that both the contents of a document and its signature(s) can be retrieved together at a later time. XML Digital Signatures supports inline signatures and also allows different signatures for different parts of a document.
WS-Security is emerging as the de facto standard for a comprehensive framework for Web services security.