I'm having a great deal of trouble finding any information on what Microsoft
is planning to recommend (or support from within VS.NET) regarding the
restricting of access to commercial web services. I have seen Mary
Kirtland's articles on their sample "Favorites" web service on MSDN, and
think their consideration of web service licensing and security issues is
well thought through, but I'm a bit surprised that, given the emphasis
placed on web services by MS, there is no comprehensive web service security
architecture either implied or supported from witihn VS.NET. All the
examples I see of web services totally ignore this issue, and I would have
thought someone would be, as a primary activity, proposing a subscription
and authentication model for web service hosting.

Sure, I can think of strategies involving existing authentication
mechanisms, but none of them strikes me as ideal. Anybody know of
information I'm missing?