Hi, When username tokens are used as supporting tokens, is it necessary to encrypt the username. It seems reasonable as the password is plain text and can be captured in the transit. When the username is a signed supporting token or signed endorsing supporting token, does the protection order apply too?
Regards, Nandana
