I was recently asked to have a look at some really nice How To topics on WCF security that the Patterns & Practices people have worked up, and am quite happy with them; so much so I wanna tell them to let us fold them back into the regular SDK documentation! The project's Web site is http://www.codeplex.com/WCFSecurity, but to have a quick list of the topics I had a chance to see (plus some nice walkthrough videos), check out J.D. Meier's blog entry on them at http://blogs.msdn.com/jmeier/archive/2008/03/27/patterns-and-practices-wcf-security-guidance-now-available.aspx.
Note: There are two very useful WCF security projects going on right now that I got a touch confused about because, unaware of them, I did not realize the distinction when I found them. The first is the documentation and videos provided by the project mentioned above. The second, WCF Security Guidance Package, is a Visual Studio based set of security automation tools -- and some documentation -- that help you apply the appropriate principles inside Visual Studio. Both are recommended, and I see them as complimentary.
If you find them useful or woefully inadequate, do let the projects know. They'll do their best to make them as useful as possible. Back to what I'm really interested in.... Web Service Software Factory: Modeling Edition!