Experiences Implementing Interoperable SOA in a Security-Conscious Environment

This report describes the results of an academic case study investigating the implementation of secure, interoperable Services Oriented Architecture (SOA) based web services. The report attempts to capture some of the issues faced in implementing security in interoperable SOA and to recommend some ways to overcome the inherent challenges facing secure SOA implementation. This study was conducted as part of a two-semester capstone course in the Software Engineering Masters program at the University of West Florida. Seven different implementations were created of a service offering airline reservations; three of the implementations used the Microsoft Windows Communication Foundation (WCF) technology package, three used the Linux/Apache/MySQL/PHP (LAMP) package, and one the Java/NetBeans/Glassfish package. To demonstrate interoperability, all implementations conformed to a previously defined WSDL interface; conformance was checked using an automated functional tester. Security was provided in the form of an authentication service, and identity information and message data were exchanged using SOAP messages in standardized formats. All services were deployed to the cloud using Amazon's Elastic Compute Cloud (EC2) platform. The conclusions of the report provide a number of lessons learned touching on the security process, good design of service code, and the relative ease of use of the three technology packages.
