Description: This pattern describes the controls needed to make sure that services can only be used and located by authorized service consumers.
Describe any additional architectural principles that may be reflected in the pattern.
Assumptions: The WSDL interface (registry entry) of a web-service can be considered an (implicit) contract between the service provider and the service consumer. The ebXML suite of standards has some support for security properties.
Typical challenges: There are no standards/guidelines that would help to enforce the (implicit) contract. On the market there is some tooling around that help to write policies for contract enforcement/negotiation and then act like a service guard.
Indications: Whenever you can distinguish between trustworthy callers and less trusted callers. Trustworthiness typically is certified by those that operate or own the provided services.
Contra-indications: You do not need to implement registry protection if you trust all the potential callers.