Hi Colm, Thanks for your response. I am currently not that involved in the MTOM requirements so I don't know the exact details. In general what currently is defined in the Dutch standards is a specific profile that uses Signing and Encryption of the WS-Security standards. The signing part will sign all the addressing headers, timestamp and body of the message while the encryption should only encrypt the body and the attachments. When the call requester is using MTOM combined with the signing and encryption profile, the provider is required to support this and also respond with an MTOM message. Hope this description helps.
with kind regards, John
