Authentication to a "web service"… Do you mean SOAP/HTTP(S) or web page? The answers are different in the two cases!

• For SOAP/HTTPS, you’re talking using the WS-Security suite with SAML/XACML tokens. The authority could be derived in a number of ways such as Kerberos or VOMS. This is distinctly non-trivial and you’ll need to work out what all the other pieces in the "ecosystem" of services are up to and ensure that you interoperate with that.
• For web-pages, check out either OpenID or Shibboleth as ways to derive authentication tokens from sources maintained by others. As I understand it, OpenID is better for the open internet and Shibboleth is better for corporate deployments (it was designed for dealing with problems like handling webpage login for universities).

If you’re doing a webpage that acts as a portal to secured webservices, it’s possible to bridge the two sets of services above so that the browser-mediated techniques of OpenID are used to generate a cryptographic token that is then used to talk to the back-end. But this is really deeply non-trivial! (Not my specialist area, but work with people for whom it is.)

[EDIT]: Of course, if you’re just asking about general login methods, then it’s trivial. The only one that users really accept is typing their username and password into a webpage, and even then it’s only if it is very infrequent. If you’re going for this end of things, do remember to only allow logins over HTTPS, that you should only allow the page that they log into the system to be served over HTTPS too, and you’ll have to put effort into anti-XSS armoring (a classic SO question!)