Question 1 of 120

How much should you secure?

You are building several WCF Services, and some will employ sensitive information. Others transfer information that is completely public and are intended to be as easy to use as possible. Your service will be hosted internally, so you have full access to it without any real restrictions.

For the secure information, would you choose message level security, transport level security, or both?
For the less-sensitive information, would you still want to implement any security?
Would certificate-based security be a good fit for either scenario?