The growth of Web Services, and in particular electronic commerce activities based on them, is quickly being followed by work on Web Services security protocols. While core XML security standards like XMLDSIG, XMLENC and WS-Security have been completed, they only provide the basic building blocks of authentication, integrity protection and confidentiality for Web Services. Additional Web Services standards and protocols are required to provide higher-order operations such as trust management, delegation, and federation. At the same time, the sharp rise in "phishing" attacks and other forms of on-line fraud simply confirms that all our work on security protocols is for naught if we cannot make it both possible and easy for the average user to discover when a security property has failed during a transaction. This workshop aims to explore these areas as well as other current and future security and privacy challenges for Web Services applications and e-commerce.