This paper describes a comprehensive threat model for a new breed of threats based on XML content, including XML languages used in the Service Oriented Architecture (SOA) paradigm such as SOAP [6] and the Web Services Description Language [11]. In addition to defining a new threat model, this paper compares it to a more traditional network security threat model, by defining it in terms of the network stack. This document also illustrates the concept of XML Intrusion Prevention (XIP) as an analog to traditional network-based intrusion prevention.