web service security
We are setting up Soap request inbound web service with a third party vendor.
Regarding the web service security, I'm wondering if we use https, is it OK to pick "none" for "*Security Verification" on the service operation. The vendor will put clear username and password on the soap request message. Is it necessary to set up a Digitally sign if we use SSL?
thanks
Yan