UsernameToken Authentication The policy uses a TransportBinding and requires a SignedSupportingToken which is a UsernameToken and the inclusion of a TimeStamp. Note that Rampart does not enforce the use of HTTPS transport and that {http://ws.apache.org/rampart/policy}RampartConfig assertion provides additional information required to secure the message.