Before reading "Web Services Security" (WSS), my knowledge of Web Services relied on a few magazine articles and chapter 10 of "Hacking Exposed: Web Applications." After reading WSS, I have a better idea of how Web Services work and how a variety of acronyms (XACML, XKMS, SAML, etc.) provide security. This 312 page book isn't lengthy enough to make you a Web Services security expert, but it provides a good foundation for consultants and other professionals.
Good security books do more than teach ways to attack and defend various technologies. They assume the reader isn't an expert in the technology or concept, and provide background prior to explaining weapons and tactics to exploit vulnerabilities. WSS meets this challenge by educating readers on the purpose, history, and future of Web Services. The authors take nothing for granted, explaining why transport-level encryption via SSL is insufficient for Web Services. WSS emphasizes key security concepts like "persistence" and separating policy enforcement from decision-making. I also appreciated the authors' willingness to share key insights, like the argument that "like XKMS, XACML is more about applying XML to security, rather than about applying security to XML." (p. 120). This demonstrated knowledge of applying security to a wider range of subjects than just Web Services.
On the down side, I found the SAML section (ch. 6) confusing. The writing style implied another author contributed this material, and the chapter's "checklist" was a list of questions -- not the summaries found elsewhere. I didn't find the legal section (ch. 14) particularly clear, either, despite the hype it received on the back cover.
Overall, WSS is probably the best Web Services security guide currently available. It meets the market need for an introduction to the subject, and covers material neglected elsewhere, like the Liberty Alliance Project (ch. 11). Those with questions on Web Services security would do well to start looking for answers here!