Message-level credentials. Web Services Stack can extract these credentials from the SOAP security header. If you use UsernameToken with plain text password, it can extract a user name and password. If there are signed parts or elements in the message, it can extract the X509Certificate used for the signatures.

Transport-level credentials - communication channel used for the message exchange; they are specific to the type of transport you use. Web Services Stack extracts these credentials from the HTTP(S) transport only. In the case of a basic HTTP authentication, it extracts the user name and password. In the case of a client certificate used for encryption of the transferred data, it extracts a client certificate chain.