Web services security can be configured by customizing WS-Security policy sets and bindings, and then attaching these to the web services. This method allows administrators to define and enforce security policies such as authentication, authorization, confidentiality, and integrity at the message level across web services. Configuring global security with LDAP authentication does not specifically target web service security, and using WS-MetadataExchange protocol or relying solely on developers to use security APIs lacks the comprehensive policy-based approach needed for robust web service security.