XML Security

["John Smithson" <why1234 () hotmail com>]

Gurus,

I'm trying to find the best practices in implementing the XML security. 
Recently our development team is working in implementing the XML services.  
They are planning to send traffic to partner's site as well as they will be 
partner to some site.

I work in the IT security filed, however, I'm very newbie in the Application 
Security field.  At this point all my research is been via Goggling.  Option 
1 - The web server provide SSL capabilities, so send the XML traffic over 
the SSL. Option 2 - Purchase reverse SSL Proxy (such as Juniper's Neoteris, 
Citrix's  NetScaller--- have the partner perform SSL VPN to the proxy and 
have proxy connect to our webservers)

Is there any additional layer/barrier that I can provide to increase the 
security? How have you deployed such environment? Obvious function such as 
firewalls, IDS/IPS are already been implemented.

Again, since I'm in the early learning phase, I may be completely off in 
explaining the scenario.  However, any help would be greatly appreciated.

Thanks,