"kdeboer" wrote : I did some research in the JBoss WS 103 Sources. | It appears that the username token profile is partly supported. | The user and password are added to the soap header when the password are added to the call or proxy object | However password type attribute and password encoding is not support. | According to the basic security profile the type attribute is required. | Password disgest is also very nice to have. | | will these functions be added in the near future? | The basic security profile has been in draft for over a year, and is not expected to be finalized anytime soon so we haven't looked at conforming to it. WS-Security 1.0 has type as optional, so we dont specify it. The encoding type is only relevant to a Nonce. and as you see currently nonces aren't supported. I have updated the feature request to reflect this. Currently the priority on this is low, since we are busy working on EE5 / JAX-WS. So, as Thomas said, feel free to contribute if you want to see this sooner. -Jason View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3977728#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...