Transition to Service-Oriented Architecture (SOA) is underway in the military and there have been many excellent examples of cutting-edge SOA and web service implementations. However, the process to build services for SOA frameworks is not well defined and therein poses a security risk. This research develops models, methodologies and specifications to help programmers integrate their work into selected SOA, including the installation of security appropriate to SOA. Research will establish baselines, models and specifications to help define, categorize, normalize, and weight security risks in distributed SOA. To be included are methodology to help manage security risk.