2.2.1.5 SecurityContextToken Element
The <SecurityContextToken> element is specified in [WSSC] section 3 and [WSSC1.3] section 2.
If a security context token (SCT) is referenced as specified in [WSSC] section 9 and [WSSC1.3] section 8, a direct reference conforming to section 2.2.1.1 MUST be used.
If a security context token is present in a <Security> element, a <Signature> element conforming to section 2.2.1.7 MUST be present in the same <Security> element. The <KeyInfo> child element of that <Signature> element MUST reference the security context token.
This document overrides the following specification:
[WSSC1.3] section 8: "If the SCT is referenced from within the <wsse:Security> element or from an RST or RSTR, it is RECOMMENDED that these references be message independent, but these references MAY be message-specific."
When the SCT is referenced from within the <Security> element, the reference MUST be message-specific.