Thanks a lot for the response. See section 2.1.3 (WSS 1.0) here
http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples.html It's using directly the certificate. -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html