Integration Server 10.3 | Web Services Developer’s Guide | Securing Web Services Using WS-SecurityPolicy | WS-SecurityPolicy Assertions Reference | Token Assertions | Valid Values for <sp:IncludeToken> Attribute
 
Valid Values for <sp:IncludeToken> Attribute
When you use a UsernameToken, you can use the IncludeToken property to specify when the UsernameToken should be included when messages are exchanged.
The following table lists the URI values you can use for an <sp:IncludeToken> in a WS-Policy.
Important:
When using the values described in the following table, replace <URI> with the appropriate value. If you are implementing WS-SecurityPolicy 1.2 standards, replace<URI> with http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702. If you are implementing WS-SecurityPolicy 1.1 standards, replace <URI> with http://schemas.xmlsoap.org/ws/2005/07/securitypolicy.
Set <sp:IncludeToken> to this URI value...
If the Username token....

<URI>/IncludeToken/ Never
Must not be included in any messages sent between the initiator and the recipient.
An external reference to the token should be used.

<URI>/IncludeToken/ Once
Must be included in only one message sent from the initiator to the recipient.
References to the token can use an internal reference mechanism. Subsequent related messages sent between the recipient and the initiator can refer to the token using an external reference mechanism.

<URI>/IncludeToken/ AlwaysToRecipient
Must be included in all messages sent from initiator to the recipient.
-and-
Must not be included in messages sent from the recipient to the initiator.

<URI>/IncludeToken/ AlwaysToInitiator
Must be included in all messages sent from the recipient to the initiator.
-and-
Must not be included in messages sent from the initiator to the recipient.
Note:
This URI value for <sp:IncludeToken> is specific to WS-SecurityPolicy 1.2.

<URI>/IncludeToken/ Always
Must be included in all messages sent between the initiator and the recipient. This is the default behavior when no IncludeToken property is specified with the UserName token.