Keith Brown has an article up on MSDN on "Securing the Username Token with WSE 2.0". I liked the way he describes each issue and how to work around the most dangerous ones.

BTW, William Stacy (fellow MVP) has a nice blog on MSN Spaces with tons of entries on WSE and SCTs. Recommended reading!

Tomas Restrepo

Software developer located in Colombia.