I am building a web application in which the client communicates to a variety of software components using XML over HTTP. The client submits request to these components using basic HTTP verbs (POST and GET), and when appropriate send XML-encoded data along with the request. The component then processes the XML, performs the appropriate action, then sends an XML-encoded response.
My question is what I can do for security. I've been reading a whole lot about SOAP vs REST, and it seems to be a holy war characterized by preference/opinion/subjectivity.
I'm not looking for a different approach to what I'm doing. I'm simply asking if anyone has any experience in/ideas for security in the environment I described.