Security: standards arent enough

Security: standards arent enough:
Basic point that Web service security is not going to solve the security problem. I think every body understands that, WSS will solve authentication and authorization. For rest of the things like

1. Validate your input
2. Set size limits on your incoming data
3. Ensure the attachments do not have any "viruses", etc.

you will be on your own or purchase the XML firewalls. Another point being Security services must be centralized. Again a continuing trend which helps in consolidating the administration and security analysis.