Thank you for a nice introduction.

However, I thing you skipped a key part – how to authenticate a workflow HttpSend activity in web services.

Virtually every real-life workflow application will require that the caller is authenticated and, subsequently, authorized in the web service.

The only solution I can see now is to use https and add to HttpSend activity custom headers with the user name and password, hard-coded into workflow. Enough to authenticate in the web service, but definitely it is not a perfect way for me.

I believe many developers would appreciate it if someone from SharePoint team discussed this issue.