Hi Steve -snip-
This is an issue regardless of whether you use WSRF, or whether you use WS-* with WS-Addressing. There is not enough stability in specification or implementation to be able to say "this is our code, we guarantee that it will continue to work for 5 years". Only REST services built on HTTP1.0+XML1.0 can pull that off, at the expense of no structured fault mechanism other than http error codes, no security other than HTTPS and/or HTTP basic/digest auth, etc etc.
Can XML signature and encryption not be used with REST services as suggested in the Atom specification? Section 10 of http://www.ietf.org/internet-drafts/draft-ietf-atompub-format-05.txt "Atom document can be encrypted and signed using [W3C.REC-xmlenc-core-20021210] and [W3C.REC-xmldsig-core-20020212], respectively, and is subject to the security considerations implied by their use." Also should that be HTTP1.1? cheers Mark