The document discusses security considerations for service-oriented architectures (SOA). It outlines common problems with disconnects between functional and non-functional security requirements. It also discusses how security needs to remain agile and responsive to innovation by attackers. The document proposes a layered security architecture and parallel security and service engineering lifecycles. It frames security concepts in terms of a generic business schema.