The WS-Security constraints that can be added to a web service application in the Liberty profile may behave differently from the same constraints applied to a service in the full profile.
WS-Security in the Liberty profile is configured by using the WS-SecurityPolicy within the WSDL file of a web service application, and is enabled by adding the wsSecurity-1.1 feature in the server.xml file. WS-Security in the full profile is configured by using a policyset and enabled by attaching a policyset. If you deploy a WS-Security enabled Liberty profile web service application to the full profile, you must create and attach an equivalent policyset and bindings to get the same level of web service security.
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512
To sign or encrypt a SupportingToken such as a UsernameToken in the Liberty profile, you assert the token as SignedSupportingTokens, SignedEncryptedSupportingTokens, or EncryptedSupportingTokens. In the full profile, you must use an XPath expression to sign or encrypt a SupportingToken.
All endorsing tokens are not supported in the full profile, including EndorsingSupportingTokens, SignedEndorsingSupportingTokens, EndorsingEncryptedSupportingTokens, and SignedEndorsingEncryptedSupportingTokens.
The Liberty profile supports the SymmetricBinding, AsymmetricBinding, and TransportBinding assertions. The full profile does not support the TransportBinding assertion.
The IncludeToken assertion is enforced in the Liberty profile, but is ignored in the WS-Security runtime environment of the full profile.
The Liberty profiles supports PasswordDigest and key derivation in the UsernameToken assertion. The full profile supports only PasswordText in a UsernameToken.
<properties name="com.ibm.wsspi.wssecurity.config.request.setMustUnderstand" value="false"/>