Token References
The WS-Security facility allows you to specify handling of certificate information through direct or indirect references:
In a
direct reference, the actual certificate, or a path to the URI specifying a remote data source containing the token element, is embedded in the SOAP header.
In an
indirect reference, a certificate property, such as the X.509 key identifier, is embedded in the SOAP header. Using this property value, the recipient extracts the property value from the message header and uses it to locate the certificate.