The proliferation of the Internet of Things (IoT) in several application domains requires a well-defined infrastructure of systems that provides services for device abstraction and data management, and also supports the development of applications. Middleware for IoT has been recognized as the system that can provide this necessary infrastructure of services and has become increasingly important for IoT in recent years. The architecture of an IoT middleware is usually based on an SOA (service-oriented architecture) standard and has security requirement as one of its main challenges. The large amount of data that flows in this kind of system demands a security architecture that ensures the protection of the entire system. However, none of the existing SOAbased IoT middleware systems have defined a security standard that can be used as a reference architecture. In this sense, this article discusses the importance of defining a standard security architecture for SOA-based IoT middleware, analyzes concepts and existing work, and makes considerations about a set of security services that can be used to define a security architecture to mitigate the security threats in SOA-based IoT middleware systems.