users@glassfish.java.net

Re: WSIT security mechanisms help needed, please!

From: <glassfish_at_javadesktop.org>
Date: Thu, 04 Oct 2007 00:22:10 PDT

Hi,

A brief description of the mechanisms can be found at the end of the article at this link:

http://www.netbeans.org/kb/60/websvc/wsit.html

From your description: "I want both ws provider and ws client to be authorized to each other and SOAP messages to be encrypted (body element)"

It appears the "Mutual Certificates Security" Profile would be applicable for this. You may also want to evaluate use of SSL with Client-Authentication enabled (which is also called SSL Mutual Authentication) for your requirement.

So in the "Mutual Certificates Security" profile, the server's certificate is used by the client to encrypt the SOAP Body; the server's certificate needs to be in the client truststore a priori, indicating that the client trusts the server. Then the client signs the request and also sends its certificate to the server. The server would dynamically validate the client certificate to see if it trusts the client. For this validation to work, the CA certificate of the client cert needs to be trusted by the server (i.e., the CA cert should be in the server's truststore).

Please post WSIT questions on the Metro forum.

Thanks.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]

http://forums.java.net/jive/thread.jspa?messageID=238403
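
The trust relationships described in the message above, as an added example that is not part of the original post or of WSIT itself: the script builds a throwaway PKI with OpenSSL and shows that the server side accepts a client certificate only when its issuing CA is in the server truststore, while the client side trusts the server certificate because it was placed in the client truststore beforehand. The PEM files stand in for the Java truststores that WSIT reads, and every name, subject and file here is a constructed assumption.

```shell
#!/bin/sh
# Constructed demo PKI: all names, subjects and files are made up for illustration.
# PEM bundles stand in for the Java truststores a WSIT deployment would use.

# new_ca DIR NAME SUBJECT: create a self-signed certificate and key
new_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$3" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue DIR CA NAME SUBJECT: key pair for NAME plus a certificate signed by CA
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "$4" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 30 -out "$1/$3.pem" 2>/dev/null
}

# build_demo DIR: certificates plus the two truststores from the message
build_demo() {
  d=$1
  new_ca "$d" client-ca "/CN=Demo Client CA" &&
  new_ca "$d" other-ca  "/CN=Unrelated CA" &&
  new_ca "$d" server    "/CN=ws-provider" &&          # self-signed server cert
  issue  "$d" client-ca client   "/CN=ws-client" &&
  issue  "$d" other-ca  stranger "/CN=ws-client" &&   # same name, untrusted issuer
  # Server truststore: the CA that issued the client certificate.
  cp "$d/client-ca.pem" "$d/server-truststore.pem" &&
  # Client truststore: the server certificate itself, installed a priori.
  cp "$d/server.pem" "$d/client-truststore.pem"
}

# trusts TRUSTSTORE CERT: succeeds only if CERT chains to an entry in TRUSTSTORE
trusts() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir"
trusts "$demo_dir/server-truststore.pem" "$demo_dir/client.pem" &&
  echo "server: client certificate accepted (issuer is in server truststore)"
trusts "$demo_dir/server-truststore.pem" "$demo_dir/stranger.pem" ||
  echo "server: certificate from unknown CA rejected despite matching subject"
trusts "$demo_dir/client-truststore.pem" "$demo_dir/server.pem" &&
  echo "client: server certificate trusted (present in client truststore)"
```
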