This Recommendation describes the security architecture and scenarios for message security in mobile Web Services. Security services for messages are the most fundamental security requirements for mobile Web Services. Although the components for message security such as WS-Security have been standardized, standard architecture and service scenarios for providing message security for mobile Web Services have yet to be defined. Since Simple Object Access Protocol (SOAP) messages use Hypertext Transport Protocol (HTTP) ports, they cannot be filtered by firewalls; hence there is a need to provide a message filtering mechanism based on the message contents in the architecture for secure mobile Web Services as well as to integrate security policy mechanism suitable for mobile Web Services message security and the message filtering mechanism into the architecture. Since many mobile terminals do not have sufficient processing power to support the Web Services protocol stack fully, and many backend application servers are not based on Web Services, interworking mechanisms and scenarios between mobile Web Services and legacy non-Web Services applications should be provided. This Recommendation seeks to establish a guideline for security architecture and security service scenarios for message security in mobile Web Services satisfying the above mentioned requirements.