Opinion

There is More to SOA Security Than Authorization and Authentication

You don't have to make your SOA services impenetrable. You simply have to make them harder to crack than everyone else's. Use port knocking as an added level of security and crackers won't even know you're there.