Hello and thanks for the response.

Maybe I'm wrong, but I think there's an error in this spec:

http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples.html


The only example with "sp:InitiatorEncryptionToken" says in the comment

"Lines (P002) – (P035) contain the AsymmetricBinding assertion which
indicates that the recipient’s token must be used for both message signature
and encryption."



But we know from this spec 

http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/os/ws-securitypolicy-1.3-spec-os.html#_Toc212617798

that sp:InitiatorEncryptionToken is used for encryption from recipient to
initiator. Not from initiator to recipient, as it is implied in the first
spec above and seen in the concrete example just below that line:

"Lines (M009) – (M014) hold a KeyIdentifier of the recipient’s token used to
encrypt the UsernameToken as required by the AsymmetricBinding assertion.
Because the InitiatorEncryptionAssertion disallowed the token from being
inserted into the message, a KeyIdentifier is used instead of a reference to
an included token."


Thanks.



