We are in the process of securing one of our web services and it will become the basis for how web services are secured from now on.

The scenario right now is we will have a web application that is going to be making crud requests to our web service, and in turn the web service will make calls to the stored procedures within Oracle.

We need to secure the channel between the web application and the web service, is this something that 2 legged OAuth would be used for, or should we go for the full blown OAuth?

Thanks,

Ian