WSS Username Token Profile 1.0 lines 108-109 states:
If either or both of <wsse:Nonce> and <wsu:Created> are present they MUST be
included in the digest value as follows:.."
What if there is no digest value. In other words, does this spec allow
inclusion of <wsse:Nonce> and <wsu:Created> using passwords of type
passwordText. Below is an example of what I am thinking of and was wondering
if this would be considered compliant or not: