I have a question regarding the WS-SecurityPolicy. In the specifications it
says "a requestor may require that specific portions of a message be
encrypted and that a specific algorithm be used. For example, a service may
require the body to be encrypted using triple-DES". My question is what if
the algorithm is not supported by the source. Also, senders of the message
may use a confidentiality mechnamism (encryption algorithm) which may not be
supported by the target. So, my question is how do you determine which
algorithms will be used.