When considering message-based security for a web service, you must take into account the message direction, that is either inbound or outbound. This distinction is important, because the security options you can implement depend on the message direction.

The security options of an outbound/inbound message pair often share a dependency. For example, if an outbound message is signed by a web service, the web service receiving the signed message must define the security parameters of an inbound message so that it can address (for example, verify) signed messages.