The WS-Security spec does not specify a standard or convention for dynamically encrypting based on client input. Although it could be possible to add a feature that would use the client identity to determine the certificate to use for encryption. Open one in Jira if this is what you want. Otherwise your options are | * Use SSL | * Deploy the same service multiple times per client | * Use a separate shared client key for encryption, authentication can still be validated using individual keys for signature processing. | -Jason View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4048464#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...