Figure 1. Identity-Based Decisions Transport layer security authenticates the sender of a SOAP request. As indicated in this broker-insurer example, the security context must extend from the end user, who authenticates with a password, to a Web service, which is run using SOAP messages. The security challenge is met by inserting security information about the end user inside the SOAP message.