"One of the core value propositions of deploying a service oriented architecture (SOA) is the ability of the organization to better mitigate risk. Whether the organizational concern focuses on regulatory compliance or fine-grained control over the access of services, a well designed SOA can enable organizations to consistently apply security policies across all applications. Yet the distributed nature of a SOA results in a challenging environment in which to apply organizational security policies and can lead instead to a fragmented and inconsistent security infrastructure with serious performance implications."