I'm after a little guidance for my Asp.Net web services products.
I've currently got a web service app that is designed purely to transport data from a SQL server database at a client location to their website hosted on our server, therefore, in this case, it's a single client scenario. For this app we have applied IP filtering so that only our web server can access the web service.
We're also going to encrypt at the transport layer using https. My question is, bearing in mind that there are some basic personal details like name and email address passed across this service do you think this security is enough or should we add an extra layer of complexity and use OASIS WSE security even though we should only get calls from one caller?