Hi David,
from what you are writing, it sounds to me, that you are using OASIS web services type of connections between two systems. This is not the same as front-end SSO like SPNEGO (Kerberos for the browser), SAML 2.0 or something like that. In this case the mechanisms would be called something like WS-Security SAML token profile or WS Security Kerberos token profile.
WS Security SAML token profile might work for you in thie case (you need 7.01 SP02 at least). For some infos on how to set this up, please have a look at this presentation from TechEd 2008 starting at page 54 or the corresponding documentation. A more general overview of authentication for webservices is also in the docs.
Regards,
Patrick