WS-Security provided a total framework for web services, but it is only abstract standard. On the basis of WS-Security, experts in IBM Tokyo laboratory bought forward Session Authentication Protocol which would be new solution for session entity authentication. In the paper, we give security defects of the original protocol, then make some improvements by selecting Diffie-Hellman algorithm improved with PKI certificate as new key-exchanging mechanism.