>Long time ago I had to work with an AXXIS WS, which had specific auth tokens embedded in the header and would barf if not following some additional rules automatically followed if generated via the AXXIS-Java tool chain. Worked, but afterwards had to change twice as AXXIS developed, as their implenentation developed. Too many standards...
There is various ways to hook something in the header, additionnally to what we return in the Web service method response. I have used HTTP headers and cookies, for example. But, nothing is simpler than simply returning the content as is. This makes it easier on the client side for the implementation. I found it also easier to move forward with the Web service support using that approach.
I did also return objects and things like that. I standardized everything to return Xml string and this is what I used.