The warning came last week from Gartner research director Ray Wagner, who said the main web security standard, WS-Security, was not designed to stand alone.
His comments will give added impetus to a group of IT security chiefs from FTSE 100 companies who asked for a new security framework to enable collaborative business arrangements with partners, as highlighted by Computer Weekly.
One of the group, Paul Dorey, director for digital security at BP, is approaching web services security through "radical externalisation", where groups of users are protected by their own firewalls and external security services. Dorey said this method would lead to a faster way to build secure web services.
Gartner has also warned about discord among suppliers where Microsoft and IBM are working on WS-Federation as Sun works with the Liberty Alliance.
Wagner recommended the use of simple point-to-point web services secured using SSL and digital certificates, rather than relying on W3C standards.