I am developing a Restful WCF service that will be accessed by URL. Clinet sites might be built in php,java,.net ..anything. How to implement security for this kind of situation. Common solutions found in net for WCF suggests Membership provider or Windows Permission principals. But would that cater for a Restful service which allows http requests?