Web services will soon handle users' private information. They'll need to provide privacy guarantees to prevent this delicate information from ending up in the wrong hands. More generally, Web services will need to reason about their users' policies that specify who can access private information and under what conditions. These requirements are even more stringent for semantic Web services that exploit the semantic Web to automate their discovery and interaction because they must autonomously decide what information to exchange and how. In our previous work, we proposed ontologies for modeling the high-level security requirements and capabilities of Web services and clients.1 This modeling helps to match a client's request with appropriate services-those based on security criteria as well as functional descriptions.