Hello and thanks for the response. Maybe i'm wrong, but I think there's an error in this spec
http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples.html The only example with "sp:InitiatorEncryptionToken" says in the comment "Lines (P002) – (P035) contain the AsymmetricBinding assertion which indicates that the recipient’s token must be used for both message signature and encryption." But we know from this spec http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/os/ws-securitypolicy-1.3-spec-os.html#_Toc212617798 that sp:InitiatorEncryptionToken is used for encryption from receipient to initiator. Not from intitiator to receipient, as it is implied in the first spec above and seen in the concrete example just bellow that line. Thanks. -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html