WS-SecurityPolicy 1.2 indicates that the HttpsToken assertion has the the HttpBasicAuthentication and HttpDigestAuthentication as optional elements. But, it looks like Rampart doesn't support these yet? and only supports 'RequireClientCertificate'? Can you please confirm?
Thanks,
Murali
