JWT is the standard for securing REST web services.
References below describe it as well as provide links to samples. Microsoft just released a DLL which is an extension to .NET 4.5 and works with or without WIF. There are libraries available in most languages to handle the token. Oracle uses it in its Fusion Middleware; Google in its App Engine Security Module; Salesforce in application access; and Windows Azure Active Directory for issuing claims for all of its workloads entailing REST exchanges, such as issuing tokens for querying the Graph API; ACS namespaces can issue JWTs as well, even for Web SSO; JWT is the token format used in OpenID Connect as well.