Design pattern for webservice authentication
Is there a best practice or design pattern on how web services should be authenticated? I am especially concerned about not having to pass the authentication data every time I hit the service.
I am not sure if there are names for these solutions, but I have seen two solutions for ws authentication:
- Preshared keys - Client and server have some preshared (hardcoded) keys. Client sends key with every request.
- Token Service - Client sends his credentials (user/pass) to special authentication service. Authentication service returns token (which is valid for specified amount of time). Token should be added to every web service call.
Communication should be encrypted in both cases.
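The token-service pattern from the answer above, sketched as an added example that is not part of the original post: the authentication service checks the credentials once and returns an HMAC-signed token with an expiry, and each web service call is accepted only if the token verifies. The function names, the HMAC-SHA256 token format, the secret and the sample user are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# All values below are constructed for the demo (assumptions, not from the post).
SERVER_SECRET = b"demo-signing-key"   # held by the auth service and web services only
TOKEN_TTL = 300                       # token lifetime in seconds
_SALT = b"demo-salt"

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

USERS = {"alice": _pw_hash("correct horse")}   # stand-in credential store

def _sign(payload):
    return hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest().encode()

def issue_token(user, password, now=None):
    """Authentication service: exchange user/pass for a time-limited token."""
    now = time.time() if now is None else now
    # Hash even for unknown users so both failure paths do the same work.
    if not hmac.compare_digest(USERS.get(user, b""), _pw_hash(password)):
        return None
    claims = {"sub": user, "exp": int(now) + TOKEN_TTL}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (payload + b"." + _sign(payload)).decode()

def verify_token(token, now=None):
    """Web service: accept a call only if the token is authentic and unexpired."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.encode().split(b".")
        # Check the signature before parsing anything the client controls.
        if not hmac.compare_digest(sig, _sign(payload)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, AttributeError):
        return None
    return claims["sub"] if claims["exp"] > now else None

if __name__ == "__main__":
    token = issue_token("alice", "correct horse")
    print("token:", token)
    print("caller:", verify_token(token))
```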