VIEWS, to remind you, is a group of system and service providers to libraries who have come together to explore issues surrounding the deployment of web services.
They have recently published a white paper on the use of web services in metasearch [word].
Searching of local and remote search targets is already carried out using standard protocols such as SQL, Z39.50, SRU/W, OpenUrl, etc. Some of these protocols such as SRU & SRW are WS based protocols. Also commercial information providers, led by Google and Amazon, are increasingly delivering functionality through their own WS based search interfaces.
There is some interesting discussion of authorization/authentication, looking both at the relation between the user and the metasearch application, and the metasearch application and its target resources. I was interested to read the list of authentication methods the report lists as in use: IP address recognition (and the related proxy server); userid/password access; LDAP (lightweight Directory Access Protocol); X.509 Digital; certificates; Kerberos; Shibboleth; Referring URL; SIP2 (Standard Interchange Protocol Version 2); NCIP (NISO Circulation Interchange Protocol); Athens; Biometrics; Proprietary APIs; Cookies. Of course these may work together or be a part only of a solution. A reminder of the complexity of this space.
Although useful for some purposes, Metasearch looks as if it will be an expensive and less than optimal solution for some time to come, perhaps never really ideally working.