> > Is there anything in the SOAP protocol that warrants persistence of > any types of credentials such as what the HTTP protocol provides with > Basic-Auth and Cookies ? Yes, basic-auth and cookies are an security issue, and probably should not be sent. SOAP has its own mechanisms for such things.