This paper discusses the security implications of Web Services and proposes a framework for providing security based on current and future requirements. The framework provides a basis for achieving end-to-end security for Web Services within the pre-existing security environment. Finally, lessons from initial experiences with Web Services security and advice for the future are provided.