Apply Outbound WSS Authentication to a web service using an X509 token in BW 6.x.

Article ID: KB0094183

Updated On:

Products Versions
TIBCO ActiveMatrix BusinessWorks -
Not Applicable -

Description

WSS Outbound Authentication with an X.509 token can be done in 5.x by following the steps below. The same feature is not available in 6.x.


1). Create an Identity with the type "Identity File" and provide the necessary certificate, file type and password.


2). Create a Security Policy. Set the "Policy Type" to "outbound" and check "Authentication".


3). Click the Authentication tab, select "X509Token" and link the "X.509 Identity" with the Identity file created in Step 1.


4). Create a "Security Policy Association", set "Apply Policy To:" to the Web Service and link the "Outbound MessagePolicy:" with the Security Policy created in the previous step.

This will enable the Outbound WSS Authentication for a Web Service using an X509 Token. The request will have a Binary Security Token in the security header.

Issue/Introduction

Apply Outbound WSS Authentication to a web service using an X509 token in BW 6.x.

Resolution


In BW 6.X, there is no policy that will generate a Binary Security Token in the security header for an outbound WSS Authentication with X509. The reason is that the resulting request would not be a valid X509 token profile request.

Since BW 6.X has no policy for WSS Outbound Authentication with an X509 token, sign the header or body in the outbound policy instead; the signed request will have the Binary Security Token in the security header.

To achieve this:
1. Create a new 'WssConsumer' with 'No Credentials'.
2. Click the "Integrity" tab and check "Sign Request".
3. Create new shared resources "SubjectIdentityProviderResource" and "KeystoreProviderResource".
4. Link the "SubjectIdentityProviderResource" to 'WssConsumer' > "Integrity" > "Subject Provider".
5. Under "Sign Parts:", check either "Body" or "Header".

For further details, refer to the sample project at <TIBCO_HOME>\bw\6.2\samples\policy\confidentialityintegrity\SoapHttp

Additional Information

Sample Outbound WSS Authentication with X509 request XML from BW 5.X:

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1">
            <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">............................</wsse:BinarySecurityToken>
        </wsse:Security>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body>
        ............................
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
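
The following Python check is an added example, not TIBCO code: it inspects a captured outbound request and reports whether the X.509 BinarySecurityToken is merely present, as in the BW 5.X sample above, or is also referenced by a signature over the Body or a header, as the BW 6.X "Sign Request" setup is meant to produce. The envelopes, the `tok-1`/`body-1` ids and the direct-reference layout (`wsse:Reference` pointing at the token's `wsu:Id`) are constructed assumptions, and the check is structural only; it does not verify the signature value.

```python
import xml.etree.ElementTree as ET  # for untrusted captures, parse with defusedxml instead

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
NS = {"soap": SOAP, "wsse": WSSE, "wsu": WSU, "ds": DS}
WSU_ID = "{%s}Id" % WSU

def inspect_request(envelope_xml):
    """Structural check only (no cryptographic verification of the signature)."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    result = {"x509_token": False, "signature_uses_token": False, "signed_parts": []}
    if sec is None:
        return result
    token_ids = {t.get(WSU_ID) for t in sec.findall("wsse:BinarySecurityToken", NS)
                 if t.get("ValueType") == X509V3}
    result["x509_token"] = bool(token_ids)
    # Proof of possession: the signature's KeyInfo must point at the token's wsu:Id.
    for ref in sec.findall("ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS):
        if ref.get("URI", "")[1:] in token_ids:
            result["signature_uses_token"] = True
    # Map each ds:Reference in SignedInfo back to the element carrying that wsu:Id.
    by_id = {el.get(WSU_ID): el.tag.rsplit("}", 1)[-1] for el in root.iter() if el.get(WSU_ID)}
    for ref in sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS):
        result["signed_parts"].append(by_id.get(ref.get("URI", "")[1:], "unresolved"))
    return result

def _envelope(security_children, body_attrs=""):
    # Hypothetical helper that builds a constructed sample envelope.
    return ('<soap:Envelope xmlns:soap="%s" xmlns:wsse="%s" xmlns:wsu="%s" xmlns:ds="%s">'
            '<soap:Header><wsse:Security>%s</wsse:Security></soap:Header>'
            '<soap:Body%s/></soap:Envelope>') % (SOAP, WSSE, WSU, DS, security_children, body_attrs)

# Constructed samples: token and signature values are placeholders, not real data.
BST = '<wsse:BinarySecurityToken wsu:Id="tok-1" ValueType="%s">PLACEHOLDER</wsse:BinarySecurityToken>' % X509V3
SIG = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo>'
       '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>'
       '<ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#tok-1"/>'
       '</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>')
TOKEN_ONLY = _envelope(BST)                        # token without a signature
SIGNED = _envelope(BST + SIG, ' wsu:Id="body-1"')  # token referenced by a Body signature

if __name__ == "__main__":
    print(inspect_request(TOKEN_ONLY))
    print(inspect_request(SIGNED))
```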