On a broader basis WCF supports two kinds of security, transport level and message level security. Transport means the medium on which WCF data travels while message means the actual data packets sent by WCF. Transport medium can be protocols like TCP, HTTP, MSMQ etc. These transport mediums by themself provide security features like HTTP can have SSL security (HTTPS). WCF has the capability of leveraging underlying transport security features on WCF service calls. Message level security is provided in the data itself using WS-Security. In other words it's independent of the transport protocol. Some examples of message level security are messages encrypted using encryption algorithm, messages encrypted using X509 certificate etc, messages protected using username etc.