More work exploring the policy extension model by implementing a token based authentication schema across binding.ws and binding.jm. No authentication is actually performed here. That is left for users to provide their own policy interceptors. However tokens are passed and security Subjects/Principals are created. This exercise has highlighted some awkwardness in the process of building policy implementations. I'll post about this on the mail list.

git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@695374 13f79535-47bb-0310-9956-ffa450edef68

71 files changed, 2514 insertions, 333 deletions

diff --git a/java/sca/itest/policy-security-basicauth/src/main/java/helloworld/HelloWorldClientImpl.java b/java/sca/itest/policy-security-basicauth/src/main/java/helloworld/HelloWorldClientImpl.java
index 55b798edbe..7345af7f7c 100644
--- a/java/sca/itest/policy-security-basicauth/src/main/java/helloworld/HelloWorldClientImpl.java
+++ b/java/sca/itest/policy-security-basicauth/src/main/java/helloworld/HelloWorldClientImpl.java
@@ -30,13 +30,11 @@ public class HelloWorldClientImpl implements HelloWorldService {
     @Reference
     protected HelloWorldService helloworldWS;
     
-    @Reference
-    protected HelloWorldService helloworldJMS;    
+
 
     public String getGreetings(String name) {
         return "Hello " + 
-                helloworldWS.getGreetings(name) + 
-                helloworldJMS.getGreetings(name);
+                helloworldWS.getGreetings(name);
     }
 
 }
diff --git a/java/sca/itest/policy-security-basicauth/src/main/java/helloworld/HelloWorldServiceImpl.java b/java/sca/itest/policy-security-basicauth/src/main/java/helloworld/HelloWorldServiceImpl.java
index 411dcae605..6372570d1f 100644
--- a/java/sca/itest/policy-security-basicauth/src/main/java/helloworld/HelloWorldServiceImpl.java
+++ b/java/sca/itest/policy-security-basicauth/src/main/java/helloworld/HelloWorldServiceImpl.java
@@ -18,6 +18,10 @@
  */
 package helloworld;
 
+import javax.security.auth.Subject;
+
+import org.osoa.sca.RequestContext;
+import org.osoa.sca.annotations.Context;
 import org.osoa.sca.annotations.Service;
 
 /**
@@ -26,8 +30,17 @@ import org.osoa.sca.annotations.Service;
 @Service(HelloWorldService.class)
 public class HelloWorldServiceImpl implements HelloWorldService {
 
+    @Context
+    protected RequestContext requestContext;
+    
     public String getGreetings(String name) {
-        return "Hello " + name;
+        Subject subject = requestContext.getSecuritySubject();
+        
+        if (subject == null){
+            return "Hello " + name + " null subject";
+        } else {
+            return "Hello " + name + " " + subject.toString();
+        }
     }
 
 }
diff --git a/java/sca/itest/policy-security-basicauth/src/main/resources/definitions.xml b/java/sca/itest/policy-security-basicauth/src/main/resources/definitions.xml
index 9099191b27..dbdf0cd263 100644
--- a/java/sca/itest/policy-security-basicauth/src/main/resources/definitions.xml
+++ b/java/sca/itest/policy-security-basicauth/src/main/resources/definitions.xml
@@ -27,21 +27,18 @@
     <sca:policySet name="BasicAuthenticationPolicySet"
                    provides="authentication"
                    appliesTo="sca:binding.ws">
-                   
         <tuscany:basicAuthentication>
           <tuscany:userName>myname</tuscany:userName>
           <tuscany:password>mypassword</tuscany:password>
         </tuscany:basicAuthentication>
-        
     </sca:policySet>
-      
-    <!-- some authentication implementation policies - may think about these later 
-    <policySet name="allowed_users" appliesTo="sca:implementation.java">
-    	<permitAll/>
-    </policySet>
     
-    <policySet name="runAsAdmin" appliesTo="sca:implementation.java">
-    	<runAs role="Administrator"/>
-    </policySet>
-    -->
+    <sca:policySet name="ImplementationIdentityPolicySet"
+                    provides="tuscany:identity"
+                   appliesTo="sca:implementation.java">
+        <securityIdentity>
+            <useCallerIdentity/>
+        </securityIdentity>  
+    </sca:policySet>      
+      
 </definitions>
\ No newline at end of file
diff --git a/java/sca/itest/policy-security-basicauth/src/main/resources/helloworld.composite b/java/sca/itest/policy-security-basicauth/src/main/resources/helloworld.composite
index 247b2b56e4..f883629180 100644
--- a/java/sca/itest/policy-security-basicauth/src/main/resources/helloworld.composite
+++ b/java/sca/itest/policy-security-basicauth/src/main/resources/helloworld.composite
@@ -33,26 +33,14 @@
         <reference name="helloworldWS" requires="authentication">
             <binding.ws uri="http://localhost:8085/HelloWorldServiceWSComponent"/>
         </reference>
-        <reference name="helloworldJMS">
-            <binding.jms uri="jms:HelloWorldService"/>
-        </reference>
     </component>           
 
     <component name="HelloWorldServiceWSComponent">
-        <implementation.java class="helloworld.HelloWorldServiceImpl" />
+        <implementation.java class="helloworld.HelloWorldServiceImpl" requires="tuscany:identity"/>
         <service name="HelloWorldService" requires="authentication">
         	<interface.java interface="helloworld.HelloWorldService"/>
             <binding.ws uri="http://localhost:8085/HelloWorldServiceWSComponent"/>
         </service>
     </component>
     
-    <component name="HelloWorldServiceJMSComponent">
-        <implementation.java class="helloworld.HelloWorldServiceImpl" />
-        
-        <!--service name="HelloWorldService" requires="authentication"-->
-        <service name="HelloWorldService" >
-            <interface.java interface="helloworld.HelloWorldService"/>
-            <binding.jms/>
-        </service>
-    </component>    
 </composite>
diff --git a/java/sca/itest/policy-security-token/pom.xml b/java/sca/itest/policy-security-token/pom.xml
new file mode 100644
index 0000000000..761aae3bc7
--- /dev/null
+++ b/java/sca/itest/policy-security-token/pom.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    * Licensed to the Apache Software Foundation (ASF) under one
+    * or more contributor license agreements.  See the NOTICE file
+    * distributed with this work for additional information
+    * regarding copyright ownership.  The ASF licenses this file
+    * to you under the Apache License, Version 2.0 (the
+    * "License"); you may not use this file except in compliance
+    * with the License.  You may obtain a copy of the License at
+    * 
+    *   http://www.apache.org/licenses/LICENSE-2.0
+    * 
+    * Unless required by applicable law or agreed to in writing,
+    * software distributed under the License is distributed on an
+    * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    * KIND, either express or implied.  See the License for the
+    * specific language governing permissions and limitations
+    * under the License.    
+-->
+<project>
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.tuscany.sca</groupId>
+        <artifactId>tuscany-itest</artifactId>
+        <version>1.4-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <artifactId>itest-policy-security-token</artifactId>
+    <name>Apache Tuscany SCA Policy Token Authentication Integration Tests</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-node-api</artifactId>
+            <version>1.4-SNAPSHOT</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-node-impl</artifactId>
+            <version>1.4-SNAPSHOT</version>
+            <scope>runtime</scope>
+        </dependency>
+        
+        <dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-implementation-java-runtime</artifactId>
+            <version>1.4-SNAPSHOT</version>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-binding-ws-axis2</artifactId>
+            <version>1.4-SNAPSHOT</version>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-host-tomcat</artifactId>
+            <version>1.4-SNAPSHOT</version>
+            <scope>runtime</scope>
+        </dependency> 
+        
+        <dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-binding-jms-runtime</artifactId>
+            <version>1.4-SNAPSHOT</version>
+        </dependency> 
+        
+        <dependency>
+            <groupId>org.apache.activemq</groupId>
+            <artifactId>activemq-core</artifactId>
+            <version>4.1.1</version>
+            <scope>runtime</scope>
+        </dependency>
+        
+        <dependency>
+           <groupId>org.apache.geronimo.specs</groupId>
+           <artifactId>geronimo-jms_1.1_spec</artifactId>
+           <version>1.1</version>
+           <scope>provided</scope>
+           <exclusions>
+               <exclusion>
+                   <groupId>org.apache.geronimo.specs</groupId>
+                   <artifactId>geronimo-jms_1.1_spec</artifactId>
+               </exclusion>
+           </exclusions>
+        </dependency>  
+
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.2</version>
+        </dependency>
+        
+        <dependency>
+            <groupId>httpunit</groupId>
+            <artifactId>httpunit</artifactId>
+            <version>1.6.1</version>
+            <scope>test</scope>
+        </dependency>        
+
+    </dependencies>
+</project>
diff --git a/java/sca/itest/policy-security-token/src/main/java/helloworld/HelloWorldClientImpl.java b/java/sca/itest/policy-security-token/src/main/java/helloworld/HelloWorldClientImpl.java
new file mode 100644
index 0000000000..55b798edbe
--- /dev/null
+++ b/java/sca/itest/policy-security-token/src/main/java/helloworld/HelloWorldClientImpl.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+package helloworld;
+
+import org.osoa.sca.annotations.Reference;
+import org.osoa.sca.annotations.Service;
+
+/**
+ * This class implements the HelloWorld service.
+ */
+@Service(HelloWorldService.class)
+public class HelloWorldClientImpl implements HelloWorldService {
+    
+    @Reference
+    protected HelloWorldService helloworldWS;
+    
+    @Reference
+    protected HelloWorldService helloworldJMS;    
+
+    public String getGreetings(String name) {
+        return "Hello " + 
+                helloworldWS.getGreetings(name) + 
+                helloworldJMS.getGreetings(name);
+    }
+
+}
diff --git a/java/sca/itest/policy-security-token/src/main/java/helloworld/HelloWorldService.java b/java/sca/itest/policy-security-token/src/main/java/helloworld/HelloWorldService.java
new file mode 100644
index 0000000000..268d90e910
--- /dev/null
+++ b/java/sca/itest/policy-security-token/src/main/java/helloworld/HelloWorldService.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+package helloworld;
+
+import org.osoa.sca.annotations.Remotable;
+
+/**
+ * This is the business interface of the HelloWorld greetings service.
+ */
+@Remotable
+public interface HelloWorldService {
+
+    public String getGreetings(String name);
+}
diff --git a/java/sca/itest/policy-security-token/src/main/java/helloworld/HelloWorldServiceImpl.java b/java/sca/itest/policy-security-token/src/main/java/helloworld/HelloWorldServiceImpl.java
new file mode 100644
index 0000000000..6372570d1f
--- /dev/null
+++ b/java/sca/itest/policy-security-token/src/main/java/helloworld/HelloWorldServiceImpl.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+package helloworld;
+
+import javax.security.auth.Subject;
+
+import org.osoa.sca.RequestContext;
+import org.osoa.sca.annotations.Context;
+import org.osoa.sca.annotations.Service;
+
+/**
+ * This class implements the HelloWorld service.
+ */
+@Service(HelloWorldService.class)
+public class HelloWorldServiceImpl implements HelloWorldService {
+
+    @Context
+    protected RequestContext requestContext;
+    
+    public String getGreetings(String name) {
+        Subject subject = requestContext.getSecuritySubject();
+        
+        if (subject == null){
+            return "Hello " + name + " null subject";
+        } else {
+            return "Hello " + name + " " + subject.toString();
+        }
+    }
+
+}
diff --git a/java/sca/itest/policy-security-token/src/main/resources/definitions.xml b/java/sca/itest/policy-security-token/src/main/resources/definitions.xml
new file mode 100644
index 0000000000..f7bb9bc374
--- /dev/null
+++ b/java/sca/itest/policy-security-token/src/main/resources/definitions.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="ASCII"?>
+<!--
+    * Licensed to the Apache Software Foundation (ASF) under one
+    * or more contributor license agreements.  See the NOTICE file
+    * distributed with this work for additional information
+    * regarding copyright ownership.  The ASF licenses this file
+    * to you under the Apache License, Version 2.0 (the
+    * "License"); you may not use this file except in compliance
+    * with the License.  You may obtain a copy of the License at
+    * 
+    *   http://www.apache.org/licenses/LICENSE-2.0
+    * 
+    * Unless required by applicable law or agreed to in writing,
+    * software distributed under the License is distributed on an
+    * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    * KIND, either express or implied.  See the License for the
+    * specific language governing permissions and limitations
+    * under the License.    
+-->
+<definitions xmlns="http://www.osoa.org/xmlns/sca/1.0" 
+             targetNamespace="http://itest/policy"
+    		 xmlns:sca="http://www.osoa.org/xmlns/sca/1.0" 
+    		 xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0"
+             xmlns:ip="http://itest/policy" >
+
+
+    <sca:policySet name="Axis2TokenAuthenticationPolicySet"
+                   provides="authentication"
+                   appliesTo="sca:binding.ws">
+                
+        <tuscany:axis2TokenAuthentication xmlns:foo="http://tuscany.apache.org/foo" tokenName="foo:myname"/>
+    </sca:policySet>
+    
+    <sca:policySet name="JMSTokenAuthenticationPolicySet"
+                   provides="authentication"
+                   appliesTo="sca:binding.jms">
+                
+        <tuscany:jmsTokenAuthentication xmlns:foo="http://tuscany.apache.org/foo" tokenName="foo:myname"/>
+    </sca:policySet>
+    
+    <sca:policySet name="ImplementationIdentityPolicySet"
+                    provides="tuscany:identity"
+                   appliesTo="sca:implementation.java">
+        <securityIdentity>
+            <useCallerIdentity/>
+        </securityIdentity>  
+    </sca:policySet>    
+      
+</definitions>
\ No newline at end of file
diff --git a/java/sca/itest/policy-security-token/src/main/resources/helloworld.composite b/java/sca/itest/policy-security-token/src/main/resources/helloworld.composite
new file mode 100644
index 0000000000..1db89fd502
--- /dev/null
+++ b/java/sca/itest/policy-security-token/src/main/resources/helloworld.composite
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    * Licensed to the Apache Software Foundation (ASF) under one
+    * or more contributor license agreements.  See the NOTICE file
+    * distributed with this work for additional information
+    * regarding copyright ownership.  The ASF licenses this file
+    * to you under the Apache License, Version 2.0 (the
+    * "License"); you may not use this file except in compliance
+    * with the License.  You may obtain a copy of the License at
+    * 
+    *   http://www.apache.org/licenses/LICENSE-2.0
+    * 
+    * Unless required by applicable law or agreed to in writing,
+    * software distributed under the License is distributed on an
+    * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    * KIND, either express or implied.  See the License for the
+    * specific language governing permissions and limitations
+    * under the License.    
+-->
+<composite xmlns="http://www.osoa.org/xmlns/sca/1.0" 
+           targetNamespace="http://itest/policy"
+           xmlns:sca="http://www.osoa.org/xmlns/sca/1.0"
+           xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0"
+           xmlns:ip="http://itest/policy"
+           name="Helloworld">
+           
+    <component name="HelloWorldClientComponent">
+        <implementation.java class="helloworld.HelloWorldClientImpl"/>
+        <service name="HelloWorldService">
+            <interface.java interface="helloworld.HelloWorldService"/>
+            <binding.sca/>
+        </service>
+        <reference name="helloworldWS" requires="authentication">
+            <binding.ws uri="http://localhost:8085/HelloWorldServiceWSComponent"/>
+        </reference>
+        <reference name="helloworldJMS" requires="authentication">
+            <binding.jms uri="jms:HelloWorldService"/>
+        </reference>
+    </component>           
+
+    <component name="HelloWorldServiceWSComponent">
+        <implementation.java class="helloworld.HelloWorldServiceImpl" requires="tuscany:identity"/>
+        <service name="HelloWorldService" requires="authentication">
+        	<interface.java interface="helloworld.HelloWorldService"/>
+            <binding.ws uri="http://localhost:8085/HelloWorldServiceWSComponent"/>
+        </service>
+    </component>
+    
+    <component name="HelloWorldServiceJMSComponent">
+        <implementation.java class="helloworld.HelloWorldServiceImpl" requires="tuscany:identity"/>
+        <service name="HelloWorldService" requires="authentication">
+            <interface.java interface="helloworld.HelloWorldService"/>
+            <binding.jms/>
+        </service>
+    </component>    
+</composite>
diff --git a/java/sca/itest/policy-security-basicauth/src/main/resources/jndi.properties b/java/sca/itest/policy-security-token/src/main/resources/jndi.properties
index 9abdff215d..9abdff215d 100644
--- a/java/sca/itest/policy-security-basicauth/src/main/resources/jndi.properties
+++ b/java/sca/itest/policy-security-token/src/main/resources/jndi.properties
diff --git a/java/sca/itest/policy-security-token/src/test/java/org/apache/tuscany/sca/itest/TokenAuthTestCase.java b/java/sca/itest/policy-security-token/src/test/java/org/apache/tuscany/sca/itest/TokenAuthTestCase.java
new file mode 100644
index 0000000000..167e45738f
--- /dev/null
+++ b/java/sca/itest/policy-security-token/src/test/java/org/apache/tuscany/sca/itest/TokenAuthTestCase.java
@@ -0,0 +1,115 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+
+package org.apache.tuscany.sca.itest;
+
+import java.io.ByteArrayInputStream;
+
+import junit.framework.Assert;
+import helloworld.HelloWorldService;
+
+import org.apache.tuscany.sca.node.SCAClient;
+import org.apache.tuscany.sca.node.SCANode;
+import org.apache.tuscany.sca.node.SCANodeFactory;
+import org.apache.ws.security.util.Base64;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+
+import com.meterware.httpunit.PostMethodWebRequest;
+import com.meterware.httpunit.WebConversation;
+import com.meterware.httpunit.WebRequest;
+import com.meterware.httpunit.WebResponse;
+
+public class TokenAuthTestCase {
+    private static SCANode node;
+    private static HelloWorldService service;
+
+    @BeforeClass
+    public static void init() throws Exception {
+        try {
+            SCANodeFactory factory = SCANodeFactory.newInstance();
+            node = factory.createSCANodeFromClassLoader("helloworld.composite", 
+                                                        TokenAuthTestCase.class.getClassLoader());
+            node.start();
+            
+            service = ((SCAClient)node).getService(HelloWorldService.class, "HelloWorldClientComponent");
+        } catch (Exception ex) {
+            ex.printStackTrace();
+        }
+    }
+
+    @AfterClass
+    public static void destroy() throws Exception {
+        node.stop();
+    }
+    
+    @Test
+    //@Ignore
+    public void testViaSCAClient() {
+        String greetings = service.getGreetings("Simon");
+        System.out.println(">>>" + greetings);
+    } 
+    
+    @Test
+    @Ignore
+    public void testWSViaNonSCAClient() {
+        
+        try {
+            String token ="MyToken";
+            String encToken = Base64.encode(token.getBytes());
+            
+            String response = callService("http://L3AW203:8085/HelloWorldServiceWSComponent",
+                                          "<?xml version='1.0' encoding='UTF-8'?>" +
+                                            "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">" + 
+                                             "<soapenv:Header>" + 
+                                               "<ns2:Token xmlns:ns2=\"http://helloworld/\">" + encToken + "</ns2:Token>" + 
+                                             "</soapenv:Header>" + 
+                                             "<soapenv:Body>" + 
+                                               "<ns2:getGreetings xmlns:ns2=\"http://helloworld/\">" + 
+                                                 "<arg0>Simon</arg0>" + 
+                                               "</ns2:getGreetings>" + 
+                                             "</soapenv:Body>" + 
+                                            "</soapenv:Envelope>" );
+            System.out.println(">>>" + response);
+        } catch(Exception ex) {
+            System.out.println(ex.toString());
+        }
+    } 
+    
+    @Test
+    @Ignore
+    public void testJMSViaNonSCAClient() {
+        // TODO
+    }
+    
+    public String callService(String url, String requestString) throws Exception {
+        System.out.println("Request = " + requestString);
+        WebConversation wc   = new WebConversation();
+        wc.setAuthorization("Me", "MyPasswd");
+        WebRequest request   = new PostMethodWebRequest( url, 
+                                                         new ByteArrayInputStream(requestString.getBytes("UTF-8")),"text/xml");
+        request.setHeaderField("SOAPAction", "");
+        WebResponse response = wc.getResource(request);
+        System.out.println("Response= " + response.getText());               
+        Assert.assertEquals(200, response.getResponseCode());
+        return response.getText(); 
+    }    
+}
diff --git a/java/sca/itest/pom.xml b/java/sca/itest/pom.xml
index b2af34b305..1c32e2489c 100644
--- a/java/sca/itest/pom.xml
+++ b/java/sca/itest/pom.xml
@@ -106,6 +106,7 @@
                 <module>policy-security</module>
                 <module>policy-security-basicauth</module>
                 <module>policy-security-jsr250</module>
+                <module>policy-security-token</module>
                 <module>properties</module>
                 <module>recursive</module>
                 <module>recursive-multi-level</module>
diff --git a/java/sca/modules/assembly-xsd/src/main/resources/sca-binding-jms.xsd b/java/sca/modules/assembly-xsd/src/main/resources/sca-binding-jms.xsd
index 6f64453635..5691bca8d1 100644
--- a/java/sca/modules/assembly-xsd/src/main/resources/sca-binding-jms.xsd
+++ b/java/sca/modules/assembly-xsd/src/main/resources/sca-binding-jms.xsd
@@ -41,7 +41,7 @@
             <attribute name="requestConnection" type="QName"/>
             <attribute name="responseConnection" type="QName"/>
             <attribute name="operationProperties" type="QName"/>
-            <anyAttribute/>
+            <anyAttribute namespace="##any" processContents="lax"/>
          </extension>
       </complexContent>
    </complexType>
diff --git a/java/sca/modules/binding-jms-policy/LICENSE b/java/sca/modules/binding-jms-policy/LICENSE
new file mode 100644
index 0000000000..8aa906c321
--- /dev/null
+++ b/java/sca/modules/binding-jms-policy/LICENSE
@@ -0,0 +1,205 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+
+
diff --git a/java/sca/modules/binding-jms-policy/NOTICE b/java/sca/modules/binding-jms-policy/NOTICE
new file mode 100644
index 0000000000..fdfa0e9faa
--- /dev/null
+++ b/java/sca/modules/binding-jms-policy/NOTICE
@@ -0,0 +1,6 @@
+${pom.name}
+Copyright (c) 2005 - 2008 The Apache Software Foundation
+
+This product includes software developed by
+The Apache Software Foundation (http://www.apache.org/).
+
diff --git a/java/sca/modules/binding-jms-policy/pom.xml b/java/sca/modules/binding-jms-policy/pom.xml
new file mode 100644
index 0000000000..fced6ee53a
--- /dev/null
+++ b/java/sca/modules/binding-jms-policy/pom.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+-->
+<project>
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.tuscany.sca</groupId>
+        <artifactId>tuscany-modules</artifactId>
+        <version>1.4-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <artifactId>tuscany-binding-jms-policy</artifactId>
+    <name>Apache Tuscany Policy Model for JMS binding</name>
+    
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-contribution</artifactId>
+            <version>1.4-SNAPSHOT</version>
+        </dependency>
+        
+        <dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-assembly-xml</artifactId>
+            <version>1.4-SNAPSHOT</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-policy-security</artifactId>
+            <version>1.4-SNAPSHOT</version>
+        </dependency>       
+    </dependencies>
+		
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+
+                <configuration>
+                    <instructions>
+                        <Bundle-Version>${tuscany.version}</Bundle-Version>
+                        <Bundle-SymbolicName>org.apache.tuscany.sca.binding.jms.policy</Bundle-SymbolicName>
+                        <Bundle-Description>${pom.name}</Bundle-Description>
+                        <Export-Package>org.apache.tuscany.sca.binding.jms.policy*</Export-Package>
+                    </instructions>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
diff --git a/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationPolicy.java b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationPolicy.java
new file mode 100644
index 0000000000..16ed2a53a4
--- /dev/null
+++ b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationPolicy.java
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+package org.apache.tuscany.sca.binding.jms.policy.authentication.token;
+
+import javax.xml.namespace.QName;
+
+import org.apache.tuscany.sca.assembly.xml.Constants;
+import org.apache.tuscany.sca.policy.Policy;
+
+/**
+ * Implementation for policies that could be injected as parameter
+ * into the axis2config.
+ *
+ * @version $Rev$ $Date$
+ */
+public class JMSTokenAuthenticationPolicy implements Policy {
+    public static final QName JMS_TOKEN_AUTHENTICATION_POLICY_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "jmsTokenAuthentication");
+    public static final String JMS_TOKEN_AUTHENTICATION_TOKEN_NAME = "tokenName";
+
+    private QName tokenName;
+
+    public QName getTokenName() {
+        return tokenName;
+    }
+    
+    public void setTokenName(QName tokenName) {
+        this.tokenName = tokenName;
+    }
+    
+    public QName getSchemaName() {
+        return JMS_TOKEN_AUTHENTICATION_POLICY_QNAME;
+    }
+
+    public boolean isUnresolved() {
+        return false;
+    }
+
+    public void setUnresolved(boolean unresolved) {
+    }
+}
diff --git a/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationPolicyProcessor.java b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationPolicyProcessor.java
new file mode 100644
index 0000000000..2d63fd5a16
--- /dev/null
+++ b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationPolicyProcessor.java
@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+package org.apache.tuscany.sca.binding.jms.policy.authentication.token;
+
+import static javax.xml.stream.XMLStreamConstants.END_ELEMENT;
+import static javax.xml.stream.XMLStreamConstants.START_ELEMENT;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.tuscany.sca.assembly.xml.Constants;
+import org.apache.tuscany.sca.contribution.ModelFactoryExtensionPoint;
+import org.apache.tuscany.sca.contribution.processor.BaseStAXArtifactProcessor;
+import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor;
+import org.apache.tuscany.sca.contribution.resolver.ModelResolver;
+import org.apache.tuscany.sca.contribution.service.ContributionReadException;
+import org.apache.tuscany.sca.contribution.service.ContributionResolveException;
+import org.apache.tuscany.sca.contribution.service.ContributionWriteException;
+import org.apache.tuscany.sca.monitor.Monitor;
+
+/**
+ *
+ * @version $Rev$ $Date$
+ */
+public class JMSTokenAuthenticationPolicyProcessor extends BaseStAXArtifactProcessor implements StAXArtifactProcessor<JMSTokenAuthenticationPolicy> {
+    
+    public QName getArtifactType() {
+        return JMSTokenAuthenticationPolicy.JMS_TOKEN_AUTHENTICATION_POLICY_QNAME;
+    }
+    
+    public JMSTokenAuthenticationPolicyProcessor(ModelFactoryExtensionPoint modelFactories, Monitor monitor) {
+    }
+
+    
+    public JMSTokenAuthenticationPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException {
+        JMSTokenAuthenticationPolicy policy = new JMSTokenAuthenticationPolicy();
+        int event = reader.getEventType();
+        QName name = null;
+        
+        while (reader.hasNext()) {
+            event = reader.getEventType();
+            switch (event) {
+                case START_ELEMENT : {
+                    name = reader.getName();
+                    if ( name.equals(getArtifactType()) ) {
+                        policy.setTokenName(getQName(reader, JMSTokenAuthenticationPolicy.JMS_TOKEN_AUTHENTICATION_TOKEN_NAME));
+                    } 
+                    break;
+                }
+            }
+            
+            if ( event == END_ELEMENT ) {
+                if ( getArtifactType().equals(reader.getName()) ) {
+                    break;
+                } 
+            }
+            
+            //Read the next element
+            if (reader.hasNext()) {
+                reader.next();
+            }
+        }
+         
+        return policy;
+    }
+
+    public void write(JMSTokenAuthenticationPolicy policy, XMLStreamWriter writer) 
+        throws ContributionWriteException, XMLStreamException {
+        String prefix = "tuscany";
+        writer.writeStartElement(prefix, 
+                                 getArtifactType().getLocalPart(),
+                                 getArtifactType().getNamespaceURI());
+        writer.writeNamespace("tuscany", Constants.SCA10_TUSCANY_NS);
+
+        if ( policy.getTokenName() != null ) {
+            writer.writeStartElement(prefix, 
+                                     JMSTokenAuthenticationPolicy.JMS_TOKEN_AUTHENTICATION_TOKEN_NAME,
+                                     getArtifactType().getNamespaceURI());
+            writer.writeCharacters(policy.getTokenName().toString());
+            writer.writeEndElement();
+        }      
+        
+        writer.writeEndElement();
+    }
+
+    public Class<JMSTokenAuthenticationPolicy> getModelType() {
+        return JMSTokenAuthenticationPolicy.class;
+    }
+
+    public void resolve(JMSTokenAuthenticationPolicy arg0, ModelResolver arg1) throws ContributionResolveException {
+
+    }
+    
+}
diff --git a/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationPolicyProviderFactory.java b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationPolicyProviderFactory.java
new file mode 100644
index 0000000000..fd77e57418
--- /dev/null
+++ b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationPolicyProviderFactory.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+
+package org.apache.tuscany.sca.binding.jms.policy.authentication.token;
+
+import org.apache.tuscany.sca.assembly.Binding;
+import org.apache.tuscany.sca.assembly.Implementation;
+import org.apache.tuscany.sca.core.ExtensionPointRegistry;
+import org.apache.tuscany.sca.provider.PolicyProvider;
+import org.apache.tuscany.sca.provider.PolicyProviderFactory;
+import org.apache.tuscany.sca.runtime.RuntimeComponent;
+import org.apache.tuscany.sca.runtime.RuntimeComponentReference;
+import org.apache.tuscany.sca.runtime.RuntimeComponentService;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JMSTokenAuthenticationPolicyProviderFactory implements PolicyProviderFactory<JMSTokenAuthenticationPolicy> {
+    private ExtensionPointRegistry registry;
+    
+    public JMSTokenAuthenticationPolicyProviderFactory(ExtensionPointRegistry registry) {
+        super();
+        this.registry = registry;
+    }
+
+    /**
+     * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createImplementationPolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.assembly.Implementation)
+     */
+    public PolicyProvider createImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) {
+        return null;//new TokenAuthenticationImplementationPolicyProvider(component, implementation);
+    }
+
+    /**
+     * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createReferencePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentReference, org.apache.tuscany.sca.assembly.Binding)
+     */
+    public PolicyProvider createReferencePolicyProvider(RuntimeComponent component,
+                                                        RuntimeComponentReference reference,
+                                                        Binding binding) {
+        return new JMSTokenAuthenticationReferencePolicyProvider(component, reference, binding);
+    }
+
+    /**
+     * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createServicePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentService, org.apache.tuscany.sca.assembly.Binding)
+     */
+    public PolicyProvider createServicePolicyProvider(RuntimeComponent component,
+                                                      RuntimeComponentService service,
+                                                      Binding binding) {
+        return new JMSTokenAuthenticationServicePolicyProvider(component, service, binding);
+    }
+
+    /**
+     * @see org.apache.tuscany.sca.provider.ProviderFactory#getModelType()
+     */
+    public Class getModelType() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+}
diff --git a/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationServicePolicyInterceptor.java b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationReferencePolicyInterceptor.java
index f2964650ef..98a164c612 100644
--- a/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationServicePolicyInterceptor.java
+++ b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationReferencePolicyInterceptor.java
@@ -16,23 +16,13 @@
  * specific language governing permissions and limitations
  * under the License.    
  */
-package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.basic;
+package org.apache.tuscany.sca.binding.jms.policy.authentication.token;
 
-import java.util.Map;
-import java.util.logging.ConsoleHandler;
-import java.util.logging.Handler;
-import java.util.logging.Level;
-import java.util.logging.Logger;
 
-import javax.xml.namespace.QName;
-
-import org.apache.axiom.om.util.Base64;
-import org.apache.tuscany.sca.assembly.xml.Constants;
 import org.apache.tuscany.sca.interfacedef.Operation;
 import org.apache.tuscany.sca.invocation.Interceptor;
 import org.apache.tuscany.sca.invocation.Invoker;
 import org.apache.tuscany.sca.invocation.Message;
-import org.apache.tuscany.sca.policy.Policy;
 import org.apache.tuscany.sca.policy.PolicySet;
 
 /**
@@ -41,16 +31,15 @@ import org.apache.tuscany.sca.policy.PolicySet;
  *
  * @version $Rev$ $Date$
  */
-public class Axis2BasicAuthenticationServicePolicyInterceptor implements Interceptor {
-    public static final QName policySetQName = new QName(Constants.SCA10_TUSCANY_NS, "wsBasicAuthentication");
+public class JMSTokenAuthenticationReferencePolicyInterceptor implements Interceptor {
 
     private Invoker next;
     private Operation operation;
     private PolicySet policySet = null;
     private String context;
-    private Axis2BasicAuthenticationPolicy policy;
+    private JMSTokenAuthenticationPolicy policy;
 
-    public Axis2BasicAuthenticationServicePolicyInterceptor(String context, Operation operation, PolicySet policySet) {
+    public JMSTokenAuthenticationReferencePolicyInterceptor(String context, Operation operation, PolicySet policySet) {
         super();
         this.operation = operation;
         this.policySet = policySet;
@@ -61,8 +50,8 @@ public class Axis2BasicAuthenticationServicePolicyInterceptor implements Interce
     private void init() {
         if (policySet != null) {
             for (Object policyObject : policySet.getPolicies()){
-                if (policyObject instanceof Axis2BasicAuthenticationPolicy){
-                    policy = (Axis2BasicAuthenticationPolicy)policyObject;
+                if (policyObject instanceof JMSTokenAuthenticationPolicy){
+                    policy = (JMSTokenAuthenticationPolicy)policyObject;
                     break;
                 }
             }
@@ -70,9 +59,15 @@ public class Axis2BasicAuthenticationServicePolicyInterceptor implements Interce
     }
 
     public Message invoke(Message msg) {
-        // TODO - We might use interceptors to do the Axis2 config
-        //        if we can change the infrastructure split the 
-        //        invoker up
+        // could call out here to some 3rd party system to get credentials
+        
+        if ( policy.getTokenName() != null){
+    
+            // add header to Tuscany message
+            msg.getHeaders().put(policy.getTokenName().toString(),
+                                 "SomeJMSAuthorizationToken");  
+        }
+        
         return getNext().invoke(msg);
     }
 
diff --git a/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationReferencePolicyProvider.java b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationReferencePolicyProvider.java
new file mode 100644
index 0000000000..610bf758d1
--- /dev/null
+++ b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationReferencePolicyProvider.java
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+
+package org.apache.tuscany.sca.binding.jms.policy.authentication.token;
+
+import java.util.List;
+
+import org.apache.tuscany.sca.assembly.Binding;
+import org.apache.tuscany.sca.interfacedef.Operation;
+import org.apache.tuscany.sca.invocation.Interceptor;
+import org.apache.tuscany.sca.invocation.Phase;
+import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.PolicySetAttachPoint;
+import org.apache.tuscany.sca.policy.util.PolicyHandler;
+import org.apache.tuscany.sca.provider.PolicyProvider;
+import org.apache.tuscany.sca.runtime.RuntimeComponent;
+import org.apache.tuscany.sca.runtime.RuntimeComponentReference;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JMSTokenAuthenticationReferencePolicyProvider implements PolicyProvider {
+    private RuntimeComponent component;
+    private RuntimeComponentReference reference;
+    private Binding binding;
+
+    public JMSTokenAuthenticationReferencePolicyProvider(RuntimeComponent component,
+                                             RuntimeComponentReference reference,
+                                             Binding binding) {
+        super();
+        this.component = component;
+        this.reference = reference;
+        this.binding = binding;
+    }
+
+    private PolicySet findPolicySet() {
+        if (binding instanceof PolicySetAttachPoint) {
+            List<PolicySet> policySets = ((PolicySetAttachPoint)binding).getApplicablePolicySets();
+            for (PolicySet ps : policySets) {
+                for (Object p : ps.getPolicies()) {
+                    if (JMSTokenAuthenticationPolicy.class.isInstance(p)) {
+                        return ps;
+                    }
+                }
+            }
+        }
+        return null;
+    }
+
+    private String getContext() {
+        return "component.reference: " + component.getURI()
+            + "#"
+            + reference.getName()
+            + "("
+            + binding.getClass().getName()
+            + ")";
+    }
+    
+    /**
+     * @see org.apache.tuscany.sca.provider.PolicyProvider#createInterceptor(org.apache.tuscany.sca.interfacedef.Operation)
+     */
+    public Interceptor createInterceptor(Operation operation) {
+        PolicySet ps = findPolicySet();
+        return ps == null ? null : new JMSTokenAuthenticationReferencePolicyInterceptor(getContext(), operation, ps);
+    }
+
+    /**
+     * @see org.apache.tuscany.sca.provider.PolicyProvider#getPhase()
+     */
+    public String getPhase() {
+        return Phase.REFERENCE_POLICY;
+    }
+
+}
diff --git a/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationServicePolicyInterceptor.java b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationServicePolicyInterceptor.java
new file mode 100644
index 0000000000..1280abc3e0
--- /dev/null
+++ b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationServicePolicyInterceptor.java
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+package org.apache.tuscany.sca.binding.jms.policy.authentication.token;
+
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.xml.namespace.QName;
+
+import org.apache.tuscany.sca.assembly.xml.Constants;
+import org.apache.tuscany.sca.interfacedef.Operation;
+import org.apache.tuscany.sca.invocation.Interceptor;
+import org.apache.tuscany.sca.invocation.Invoker;
+import org.apache.tuscany.sca.invocation.Message;
+import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.SecurityUtil;
+import org.apache.tuscany.sca.policy.authentication.token.TokenPrincipal;
+
+/**
+ * Policy handler to handle PolicySet related to Logging with the QName
+ * {http://tuscany.apache.org/xmlns/sca/1.0/impl/java}LoggingPolicy
+ *
+ * @version $Rev$ $Date$
+ */
+public class JMSTokenAuthenticationServicePolicyInterceptor implements Interceptor {
+    private Invoker next;
+    private Operation operation;
+    private PolicySet policySet = null;
+    private String context;
+    private JMSTokenAuthenticationPolicy policy;
+
+    public JMSTokenAuthenticationServicePolicyInterceptor(String context, Operation operation, PolicySet policySet) {
+        super();
+        this.operation = operation;
+        this.policySet = policySet;
+        this.context = context;
+        init();
+    }
+
+    private void init() {
+        if (policySet != null) {
+            for (Object policyObject : policySet.getPolicies()){
+                if (policyObject instanceof JMSTokenAuthenticationPolicy){
+                    policy = (JMSTokenAuthenticationPolicy)policyObject;
+                    break;
+                }
+            }
+        }
+    }
+
+    public Message invoke(Message msg) {
+        
+        String token = (String)msg.getHeaders().get(policy.getTokenName().toString());
+        
+        if (token != null) {
+            System.out.println("Token: " + token);
+            
+            // call out here to some 3rd party system to do whatever you 
+            // need to turn header credentials into an authenticated principal 
+            
+            Subject subject = SecurityUtil.getSubject(msg);
+            Principal principal = new TokenPrincipal(token);
+            subject.getPrincipals().add(principal);              
+        }
+    
+        return getNext().invoke(msg);
+    }
+
+    public Invoker getNext() {
+        return next;
+    }
+
+    public void setNext(Invoker next) {
+        this.next = next;
+    }
+}
diff --git a/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationServicePolicyProvider.java b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationServicePolicyProvider.java
new file mode 100644
index 0000000000..4278c1e595
--- /dev/null
+++ b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/authentication/token/JMSTokenAuthenticationServicePolicyProvider.java
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+
+package org.apache.tuscany.sca.binding.jms.policy.authentication.token;
+
+import java.util.List;
+
+import org.apache.tuscany.sca.assembly.Binding;
+import org.apache.tuscany.sca.interfacedef.Operation;
+import org.apache.tuscany.sca.invocation.Interceptor;
+import org.apache.tuscany.sca.invocation.Phase;
+import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.PolicySetAttachPoint;
+import org.apache.tuscany.sca.policy.util.PolicyHandler;
+import org.apache.tuscany.sca.provider.PolicyProvider;
+import org.apache.tuscany.sca.runtime.RuntimeComponent;
+import org.apache.tuscany.sca.runtime.RuntimeComponentService;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JMSTokenAuthenticationServicePolicyProvider implements PolicyProvider {
+    private RuntimeComponent component;
+    private RuntimeComponentService service;
+    private Binding binding;
+
+    public JMSTokenAuthenticationServicePolicyProvider(RuntimeComponent component, RuntimeComponentService service, Binding binding) {
+        super();
+        this.component = component;
+        this.service = service;
+        this.binding = binding;
+    }
+
+    private PolicySet findPolicySet() {
+        if (binding instanceof PolicySetAttachPoint) {
+            List<PolicySet> policySets = ((PolicySetAttachPoint)binding).getApplicablePolicySets();
+            for (PolicySet ps : policySets) {
+                for (Object p : ps.getPolicies()) {
+                    if (JMSTokenAuthenticationPolicy.class.isInstance(p)) {
+                        return ps;
+                    }
+                }
+            }
+        }
+        return null;
+    }
+
+    private String getContext() {
+        return "component.service: " + component.getURI()
+            + "#"
+            + service.getName()
+            + "("
+            + binding.getClass().getName()
+            + ")";
+    }
+
+    /**
+     * @see org.apache.tuscany.sca.provider.PolicyProvider#createInterceptor(org.apache.tuscany.sca.interfacedef.Operation)
+     */
+    public Interceptor createInterceptor(Operation operation) {
+        PolicySet ps = findPolicySet();
+        return ps == null ? null : new JMSTokenAuthenticationServicePolicyInterceptor(getContext(), operation, ps);
+    }
+
+    /**
+     * @see org.apache.tuscany.sca.provider.PolicyProvider#getPhase()
+     */
+    public String getPhase() {
+        return Phase.SERVICE_POLICY;
+    }
+
+}
diff --git a/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/header/JMSHeaderPolicy.java b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/header/JMSHeaderPolicy.java
new file mode 100644
index 0000000000..c51e33fb53
--- /dev/null
+++ b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/header/JMSHeaderPolicy.java
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+package org.apache.tuscany.sca.binding.jms.policy.header;
+
+import javax.xml.namespace.QName;
+
+import org.apache.tuscany.sca.assembly.xml.Constants;
+import org.apache.tuscany.sca.policy.Policy;
+
+/**
+ * Implementation for policies that could be injected as parameter
+ * into the axis2config.
+ *
+ * @version $Rev$ $Date$
+ */
+public class JMSHeaderPolicy implements Policy {
+    public static final QName AXIS2_HEADER_POLICY_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "axis2Header");
+    public static final String AXIS2_HEADER_NAME = "headerName";
+
+    private QName headerName;
+
+    public QName getHeaderName() {
+        return headerName;
+    }
+    
+    public void setHeaderName(QName headerName) {
+        this.headerName = headerName;
+    }
+    
+    public QName getSchemaName() {
+        return AXIS2_HEADER_POLICY_QNAME;
+    }
+
+    public boolean isUnresolved() {
+        return false;
+    }
+
+    public void setUnresolved(boolean unresolved) {
+    }
+}
diff --git a/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/header/JMSHeaderPolicyProcessor.java b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/header/JMSHeaderPolicyProcessor.java
new file mode 100644
index 0000000000..f8186470c8
--- /dev/null
+++ b/java/sca/modules/binding-jms-policy/src/main/java/org/apache/tuscany/sca/binding/jms/policy/header/JMSHeaderPolicyProcessor.java
@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+package org.apache.tuscany.sca.binding.jms.policy.header;
+
+import static javax.xml.stream.XMLStreamConstants.END_ELEMENT;
+import static javax.xml.stream.XMLStreamConstants.START_ELEMENT;
+
+import java.util.logging.Level;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.tuscany.sca.assembly.xml.Constants;
+import org.apache.tuscany.sca.contribution.ModelFactoryExtensionPoint;
+import org.apache.tuscany.sca.contribution.processor.BaseStAXArtifactProcessor;
+import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor;
+import org.apache.tuscany.sca.contribution.resolver.ModelResolver;
+import org.apache.tuscany.sca.contribution.service.ContributionReadException;
+import org.apache.tuscany.sca.contribution.service.ContributionResolveException;
+import org.apache.tuscany.sca.contribution.service.ContributionWriteException;
+import org.apache.tuscany.sca.monitor.Monitor;
+
+/**
+ *
+ * @version $Rev$ $Date$
+ */
+public class JMSHeaderPolicyProcessor extends BaseStAXArtifactProcessor implements StAXArtifactProcessor<JMSHeaderPolicy> {
+    
+    public QName getArtifactType() {
+        return JMSHeaderPolicy.AXIS2_HEADER_POLICY_QNAME;
+    }
+    
+    public JMSHeaderPolicyProcessor(ModelFactoryExtensionPoint modelFactories, Monitor monitor) {
+    }
+
+    
+    public JMSHeaderPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException {
+        JMSHeaderPolicy policy = new JMSHeaderPolicy();
+        int event = reader.getEventType();
+        QName name = null;
+        
+        while (reader.hasNext()) {
+            event = reader.getEventType();
+            switch (event) {
+                case START_ELEMENT : {
+                    name = reader.getName();
+                    if ( name.equals(getArtifactType()) ) {
+                        policy.setHeaderName(getQName(reader, JMSHeaderPolicy.AXIS2_HEADER_NAME));
+                    } 
+                    break;
+                }
+            }
+            
+            if ( event == END_ELEMENT ) {
+                if ( getArtifactType().equals(reader.getName()) ) {
+                    break;
+                } 
+            }
+            
+            //Read the next element
+            if (reader.hasNext()) {
+                reader.next();
+            }
+        }
+         
+        return policy;
+    }
+
+    public void write(JMSHeaderPolicy policy, XMLStreamWriter writer) 
+        throws ContributionWriteException, XMLStreamException {
+        String prefix = "tuscany";
+        writer.writeStartElement(prefix, 
+                                 getArtifactType().getLocalPart(),
+                                 getArtifactType().getNamespaceURI());
+        writer.writeNamespace("tuscany", Constants.SCA10_TUSCANY_NS);
+
+        if ( policy.getHeaderName() != null ) {
+            writer.writeStartElement(prefix, 
+                                     JMSHeaderPolicy.AXIS2_HEADER_NAME,
+                                     getArtifactType().getNamespaceURI());
+            writer.writeCharacters(policy.getHeaderName().toString());
+            writer.writeEndElement();
+        }      
+        
+        writer.writeEndElement();
+    }
+
+    public Class<JMSHeaderPolicy> getModelType() {
+        return JMSHeaderPolicy.class;
+    }
+
+    public void resolve(JMSHeaderPolicy arg0, ModelResolver arg1) throws ContributionResolveException {
+
+    }
+    
+}
diff --git a/java/sca/modules/binding-jms-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor b/java/sca/modules/binding-jms-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
new file mode 100644
index 0000000000..e6f22e327c
--- /dev/null
+++ b/java/sca/modules/binding-jms-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
@@ -0,0 +1,20 @@
+# Licensed to the Apache Software Foundation (ASF) under one

+# or more contributor license agreements.  See the NOTICE file

+# distributed with this work for additional information

+# regarding copyright ownership.  The ASF licenses this file

+# to you under the Apache License, Version 2.0 (the

+# "License"); you may not use this file except in compliance

+# with the License.  You may obtain a copy of the License at

+# 

+#   http://www.apache.org/licenses/LICENSE-2.0

+# 

+# Unless required by applicable law or agreed to in writing,

+# software distributed under the License is distributed on an

+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

+# KIND, either express or implied.  See the License for the

+# specific language governing permissions and limitations

+# under the License. 

+

+# Implementation class for the artifact processor extension

+org.apache.tuscany.sca.binding.jms.policy.authentication.token.JMSTokenAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#jmsTokenAuthentication,model=org.apache.tuscany.sca.binding.jms.policy.authentication.token.JMSTokenAuthenticationPolicy

+org.apache.tuscany.sca.binding.jms.policy.header.JMSHeaderPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#jmsHeader,model=org.apache.tuscany.sca.binding.jms.policy.header.JMSHeaderPolicy
\ No newline at end of file
diff --git a/java/sca/modules/binding-jms-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory b/java/sca/modules/binding-jms-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory
new file mode 100644
index 0000000000..b04c71d8e3
--- /dev/null
+++ b/java/sca/modules/binding-jms-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one

+# or more contributor license agreements.  See the NOTICE file

+# distributed with this work for additional information

+# regarding copyright ownership.  The ASF licenses this file

+# to you under the Apache License, Version 2.0 (the

+# "License"); you may not use this file except in compliance

+# with the License.  You may obtain a copy of the License at

+# 

+#   http://www.apache.org/licenses/LICENSE-2.0

+# 

+# Unless required by applicable law or agreed to in writing,

+# software distributed under the License is distributed on an

+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

+# KIND, either express or implied.  See the License for the

+# specific language governing permissions and limitations

+# under the License. 

+

+# Implementation class for the policy extension

+org.apache.tuscany.sca.binding.jms.policy.authentication.token.JMSTokenAuthenticationPolicyProviderFactory;model=org.apache.tuscany.sca.binding.jms.policy.authentication.token.JMSTokenAuthenticationPolicy
\ No newline at end of file
diff --git a/java/sca/modules/binding-jms-policy/src/test/resources/org/apache/tuscany/sca/binding/ws/axis2/policy/configuration/mock_policies.xml b/java/sca/modules/binding-jms-policy/src/test/resources/org/apache/tuscany/sca/binding/ws/axis2/policy/configuration/mock_policies.xml
new file mode 100644
index 0000000000..77f750cd0d
--- /dev/null
+++ b/java/sca/modules/binding-jms-policy/src/test/resources/org/apache/tuscany/sca/binding/ws/axis2/policy/configuration/mock_policies.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="ASCII"?>
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+-->
+<tuscany:wsConfigParam xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0">
+ 		<parameter name="InflowSecurity">
+		    <action>
+		        <items>Timestamp Signature</items>
+		        <signaturePropFile>org/apache/tuscany/sca/binding/ws/axis2/itests/policy/security.properties</signaturePropFile>
+		    </action>
+		</parameter>
+ 		<parameter name="OutflowSecurity">
+      		<action>
+        		<items>Timestamp Signature</items>
+        		<user>TuscanyWsUser</user>
+        		<signaturePropFile>org/apache/tuscany/sca/binding/ws/axis2/itests/policy/security.properties</signaturePropFile>
+        		<passwordCallbackClass>org.apache.tuscany.sca.binding.ws.axis2.itests.policy.IntegrityPWCBHandler</passwordCallbackClass>" +
+        		<signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+      		</action>
+    	</parameter>
+</tuscany:wsConfigParam>
\ No newline at end of file
diff --git a/java/sca/modules/binding-jms-runtime/pom.xml b/java/sca/modules/binding-jms-runtime/pom.xml
index 62eb3de60d..18085ccebf 100644
--- a/java/sca/modules/binding-jms-runtime/pom.xml
+++ b/java/sca/modules/binding-jms-runtime/pom.xml
@@ -35,6 +35,12 @@
             <artifactId>tuscany-binding-jms</artifactId>
             <version>1.4-SNAPSHOT</version>
         </dependency>
+        
+        <dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-binding-jms-policy</artifactId>
+            <version>1.4-SNAPSHOT</version>
+        </dependency>         
 
         <dependency>
             <groupId>org.apache.tuscany.sca</groupId>
diff --git a/java/sca/modules/binding-jms-runtime/src/main/java/org/apache/tuscany/sca/binding/jms/provider/JMSBindingInvoker.java b/java/sca/modules/binding-jms-runtime/src/main/java/org/apache/tuscany/sca/binding/jms/provider/JMSBindingInvoker.java
index a14e2bd018..5d8053e02d 100644
--- a/java/sca/modules/binding-jms-runtime/src/main/java/org/apache/tuscany/sca/binding/jms/provider/JMSBindingInvoker.java
+++ b/java/sca/modules/binding-jms-runtime/src/main/java/org/apache/tuscany/sca/binding/jms/provider/JMSBindingInvoker.java
@@ -19,6 +19,7 @@
 package org.apache.tuscany.sca.binding.jms.provider;
 
 import java.lang.reflect.InvocationTargetException;
+import java.util.List;
 import java.util.Map;
 
 import javax.jms.DeliveryMode;
@@ -33,10 +34,13 @@ import javax.naming.NamingException;
 import org.apache.tuscany.sca.binding.jms.impl.JMSBinding;
 import org.apache.tuscany.sca.binding.jms.impl.JMSBindingConstants;
 import org.apache.tuscany.sca.binding.jms.impl.JMSBindingException;
+import org.apache.tuscany.sca.binding.jms.policy.authentication.token.JMSTokenAuthenticationPolicy;
 import org.apache.tuscany.sca.interfacedef.Operation;
 import org.apache.tuscany.sca.interfacedef.java.JavaInterface;
 import org.apache.tuscany.sca.invocation.DataExchangeSemantics;
 import org.apache.tuscany.sca.invocation.Invoker;
+import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.PolicySetAttachPoint;
 import org.apache.tuscany.sca.runtime.ReferenceParameters;
 import org.apache.tuscany.sca.runtime.RuntimeComponentReference;
 import org.apache.tuscany.sca.runtime.RuntimeComponentService;
@@ -59,6 +63,7 @@ public class JMSBindingInvoker implements Invoker, DataExchangeSemantics {
     protected Destination bindingRequestDest;
     protected Destination bindingReplyDest;
     protected RuntimeComponentReference reference;
+    protected JMSTokenAuthenticationPolicy jmsTokenAuthenticationPolicy = null;
 
     public JMSBindingInvoker(JMSBinding jmsBinding, Operation operation, JMSResourceFactory jmsResourceFactory, RuntimeComponentReference reference) {
 
@@ -71,6 +76,20 @@ public class JMSBindingInvoker implements Invoker, DataExchangeSemantics {
         this.requestMessageProcessor = JMSMessageProcessorUtil.getRequestMessageProcessor(jmsBinding);
         this.responseMessageProcessor = JMSMessageProcessorUtil.getResponseMessageProcessor(jmsBinding);
 
+        // find out which policies are active
+        if (jmsBinding instanceof PolicySetAttachPoint) {
+            List<PolicySet> policySets = ((PolicySetAttachPoint)jmsBinding).getApplicablePolicySets();
+            for (PolicySet ps : policySets) {
+                for (Object p : ps.getPolicies()) {
+                    if (JMSTokenAuthenticationPolicy.class.isInstance(p)) {
+                        jmsTokenAuthenticationPolicy = (JMSTokenAuthenticationPolicy)p;
+                    }else {
+                        // etc. check for other types of policy being present
+                    }
+                }
+            }
+        }
+        
         try {
 
             bindingRequestDest = lookupDestination();
@@ -353,6 +372,11 @@ public class JMSBindingInvoker implements Invoker, DataExchangeSemantics {
                 jmsMsg.setObjectProperty(propName, value);
             }
         }
+        
+        if (jmsTokenAuthenticationPolicy != null) {
+            String token = (String)tuscanyMsg.getHeaders().get(jmsTokenAuthenticationPolicy.getTokenName().toString());
+            jmsMsg.setStringProperty(jmsTokenAuthenticationPolicy.getTokenName().toString(), token);
+        }
     }
 
     protected boolean hasCallback() {
diff --git a/java/sca/modules/binding-jms-runtime/src/main/java/org/apache/tuscany/sca/binding/jms/provider/JMSBindingListener.java b/java/sca/modules/binding-jms-runtime/src/main/java/org/apache/tuscany/sca/binding/jms/provider/JMSBindingListener.java
index 1990e553e0..f28c85f160 100644
--- a/java/sca/modules/binding-jms-runtime/src/main/java/org/apache/tuscany/sca/binding/jms/provider/JMSBindingListener.java
+++ b/java/sca/modules/binding-jms-runtime/src/main/java/org/apache/tuscany/sca/binding/jms/provider/JMSBindingListener.java
@@ -37,9 +37,12 @@ import org.apache.tuscany.sca.assembly.Binding;
 import org.apache.tuscany.sca.binding.jms.impl.JMSBinding;
 import org.apache.tuscany.sca.binding.jms.impl.JMSBindingConstants;
 import org.apache.tuscany.sca.binding.jms.impl.JMSBindingException;
+import org.apache.tuscany.sca.binding.jms.policy.authentication.token.JMSTokenAuthenticationPolicy;
 import org.apache.tuscany.sca.core.assembly.EndpointReferenceImpl;
 import org.apache.tuscany.sca.core.invocation.MessageImpl;
 import org.apache.tuscany.sca.interfacedef.Operation;
+import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.PolicySetAttachPoint;
 import org.apache.tuscany.sca.runtime.EndpointReference;
 import org.apache.tuscany.sca.runtime.ReferenceParameters;
 import org.apache.tuscany.sca.runtime.RuntimeComponentService;
@@ -62,6 +65,7 @@ public class JMSBindingListener implements MessageListener {
     private JMSMessageProcessor responseMessageProcessor;
     private String correlationScheme;
     private List<Operation> serviceOperations;
+    protected JMSTokenAuthenticationPolicy jmsTokenAuthenticationPolicy = null;
 
     public JMSBindingListener(JMSBinding jmsBinding, JMSResourceFactory jmsResourceFactory, RuntimeComponentService service, Binding targetBinding) throws NamingException {
         this.jmsBinding = jmsBinding;
@@ -72,6 +76,20 @@ public class JMSBindingListener implements MessageListener {
         responseMessageProcessor = JMSMessageProcessorUtil.getResponseMessageProcessor(jmsBinding);
         correlationScheme = jmsBinding.getCorrelationScheme();
         serviceOperations = service.getInterfaceContract().getInterface().getOperations();
+        
+        // find out which policies are active
+        if (jmsBinding instanceof PolicySetAttachPoint) {
+            List<PolicySet> policySets = ((PolicySetAttachPoint)jmsBinding).getApplicablePolicySets();
+            for (PolicySet ps : policySets) {
+                for (Object p : ps.getPolicies()) {
+                    if (JMSTokenAuthenticationPolicy.class.isInstance(p)) {
+                        jmsTokenAuthenticationPolicy = (JMSTokenAuthenticationPolicy)p;
+                    }else {
+                        // etc. check for other types of policy being present
+                    }
+                }
+            }
+        }        
 
     }
 
@@ -184,6 +202,12 @@ public class JMSBindingListener implements MessageListener {
                 parameters.setCallbackID(callbackID);
             }
         }
+        
+        if (jmsTokenAuthenticationPolicy != null) {
+            String token = requestJMSMsg.getStringProperty(jmsTokenAuthenticationPolicy.getTokenName().toString());
+            tuscanyMsg.getHeaders().put(jmsTokenAuthenticationPolicy.getTokenName().toString(),
+                                        token);
+        }
     }
 
     protected void sendReply(Message requestJMSMsg, Object responsePayload, boolean isFault) {
diff --git a/java/sca/modules/binding-jms/src/main/java/org/apache/tuscany/sca/binding/jms/impl/JMSBinding.java b/java/sca/modules/binding-jms/src/main/java/org/apache/tuscany/sca/binding/jms/impl/JMSBinding.java
index bd493bb658..27d23c187e 100644
--- a/java/sca/modules/binding-jms/src/main/java/org/apache/tuscany/sca/binding/jms/impl/JMSBinding.java
+++ b/java/sca/modules/binding-jms/src/main/java/org/apache/tuscany/sca/binding/jms/impl/JMSBinding.java
@@ -25,6 +25,10 @@ import java.util.Map;
 import java.util.Set;
 
 import org.apache.tuscany.sca.assembly.Binding;
+import org.apache.tuscany.sca.policy.Intent;
+import org.apache.tuscany.sca.policy.IntentAttachPointType;
+import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.PolicySetAttachPoint;
 
 /**
  * Models a binding to a JMS resource.
@@ -32,7 +36,7 @@ import org.apache.tuscany.sca.assembly.Binding;
  * @version $Rev$ $Date$
  */
 
-public class JMSBinding implements Binding {
+public class JMSBinding implements Binding, PolicySetAttachPoint {
 
     @Override
     public Object clone() throws CloneNotSupportedException {
@@ -44,7 +48,15 @@ public class JMSBinding implements Binding {
     private String name = null;
     private boolean unresolved = false;
     private List<Object> extensions = new ArrayList<Object>();
-
+    
+    // properties required by PolicySetAttachPoint
+    private List<PolicySet> policySets = new ArrayList<PolicySet>();
+    private List<PolicySet> applicablePolicySets = new ArrayList<PolicySet>();
+    
+    // properties required by IntentAttachPoint 
+    private List<Intent> requiredIntents = new ArrayList<Intent>();
+    private IntentAttachPointType intentAttachPointType;
+    
     // Properties required to describe the JMS binding model
 
     private String correlationScheme = JMSBindingConstants.CORRELATE_MSG_ID;
@@ -569,4 +581,27 @@ public class JMSBinding implements Binding {
     public JMSBinding getResponseConnectionBinding() {
         return responseConnectionBinding;
     }
+    
+    // operations required by PolicySetAttachPoint
+    public List<PolicySet> getPolicySets() {
+        return policySets;
+    }
+    
+    public List<PolicySet> getApplicablePolicySets() {
+        return applicablePolicySets;
+    }     
+    
+    // operations required by IntentAttachPoint 
+    public List<Intent> getRequiredIntents() {
+        return requiredIntents;
+    } 
+
+    public IntentAttachPointType getType() {
+        return intentAttachPointType;
+    }
+    
+    public void setType(IntentAttachPointType intentAttachPointType) {
+        this.intentAttachPointType = intentAttachPointType;
+    }
+     
 }
diff --git a/java/sca/modules/binding-ws-axis2-policy/pom.xml b/java/sca/modules/binding-ws-axis2-policy/pom.xml
index a98e5519f7..7b3627c170 100644
--- a/java/sca/modules/binding-ws-axis2-policy/pom.xml
+++ b/java/sca/modules/binding-ws-axis2-policy/pom.xml
@@ -137,9 +137,9 @@
                 <configuration>
                     <instructions>
                         <Bundle-Version>${tuscany.version}</Bundle-Version>
-                        <Bundle-SymbolicName>org.apache.tuscany.sca.policy.security.ws</Bundle-SymbolicName>
+                        <Bundle-SymbolicName>org.apache.tuscany.sca.binding.ws.axis2.policy</Bundle-SymbolicName>
                         <Bundle-Description>${pom.name}</Bundle-Description>
-                        <Export-Package>org.apache.tuscany.sca.policy.security.ws*</Export-Package>
+                        <Export-Package>org.apache.tuscany.sca.binding.ws.axis2.policy*</Export-Package>
                     </instructions>
                 </configuration>
             </plugin>
diff --git a/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationPolicy.java b/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/token/Axis2TokenAuthenticationPolicy.java
index 2b7d753023..8fecb84bb4 100644
--- a/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationPolicy.java
+++ b/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/token/Axis2TokenAuthenticationPolicy.java
@@ -16,7 +16,7 @@
  * specific language governing permissions and limitations
  * under the License.    
  */
-package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.basic;
+package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.token;
 
 import javax.xml.namespace.QName;
 
@@ -29,33 +29,22 @@ import org.apache.tuscany.sca.policy.Policy;
  *
  * @version $Rev$ $Date$
  */
-public class Axis2BasicAuthenticationPolicy implements Policy {
-    public static final QName AXIS2_BASIC_AUTHENTICATION_POLICY_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "axis2BasicAuthentication");
-    public static final String AXIS2_BASIC_AUTHENTICATION_USERNAME = "username";
-    public static final String AXIS2_BASIC_AUTHENTICATION_PASSWORD = "password";
-    public static final String AXIS2_BASIC_AUTHENTICATION_HTTP_HEADER = "httpheader";
+public class Axis2TokenAuthenticationPolicy implements Policy {
+    public static final QName AXIS2_TOKEN_AUTHENTICATION_POLICY_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "axis2TokenAuthentication");
+    public static final String AXIS2_TOKEN_AUTHENTICATION_TOKEN_NAME = "tokenName";
 
-    private String userName;
-    private String password;
-    
-    public String getUserName() {
-        return userName;
-    }
-    
-    public void setUserName(String userName) {
-        this.userName = userName;
+    private QName tokenName;
+
+    public QName getTokenName() {
+        return tokenName;
     }
     
-    public String getPassword() {
-        return password;
+    public void setTokenName(QName tokenName) {
+        this.tokenName = tokenName;
     }
     
-    public void setPassword(String password) {
-        this.password = password;
-    }
-
     public QName getSchemaName() {
-        return AXIS2_BASIC_AUTHENTICATION_POLICY_QNAME;
+        return AXIS2_TOKEN_AUTHENTICATION_POLICY_QNAME;
     }
 
     public boolean isUnresolved() {
diff --git a/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationPolicyProcessor.java b/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/token/Axis2TokenAuthenticationPolicyProcessor.java
index 019d59b80b..e8a7872858 100644
--- a/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationPolicyProcessor.java
+++ b/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/token/Axis2TokenAuthenticationPolicyProcessor.java
@@ -16,7 +16,7 @@
  * specific language governing permissions and limitations
  * under the License.    
  */
-package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.basic;
+package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.token;
 
 import static javax.xml.stream.XMLStreamConstants.END_ELEMENT;
 import static javax.xml.stream.XMLStreamConstants.START_ELEMENT;
@@ -28,6 +28,7 @@ import javax.xml.stream.XMLStreamWriter;
 
 import org.apache.tuscany.sca.assembly.xml.Constants;
 import org.apache.tuscany.sca.contribution.ModelFactoryExtensionPoint;
+import org.apache.tuscany.sca.contribution.processor.BaseStAXArtifactProcessor;
 import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor;
 import org.apache.tuscany.sca.contribution.resolver.ModelResolver;
 import org.apache.tuscany.sca.contribution.service.ContributionReadException;
@@ -39,18 +40,18 @@ import org.apache.tuscany.sca.monitor.Monitor;
  *
  * @version $Rev$ $Date$
  */
-public class Axis2BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor<Axis2BasicAuthenticationPolicy> {
+public class Axis2TokenAuthenticationPolicyProcessor extends BaseStAXArtifactProcessor implements StAXArtifactProcessor<Axis2TokenAuthenticationPolicy> {
     
     public QName getArtifactType() {
-        return Axis2BasicAuthenticationPolicy.AXIS2_BASIC_AUTHENTICATION_POLICY_QNAME;
+        return Axis2TokenAuthenticationPolicy.AXIS2_TOKEN_AUTHENTICATION_POLICY_QNAME;
     }
     
-    public Axis2BasicAuthenticationPolicyProcessor(ModelFactoryExtensionPoint modelFactories, Monitor monitor) {
+    public Axis2TokenAuthenticationPolicyProcessor(ModelFactoryExtensionPoint modelFactories, Monitor monitor) {
     }
 
     
-    public Axis2BasicAuthenticationPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException {
-        Axis2BasicAuthenticationPolicy policy = new Axis2BasicAuthenticationPolicy();
+    public Axis2TokenAuthenticationPolicy read(XMLStreamReader reader) throws ContributionReadException, XMLStreamException {
+        Axis2TokenAuthenticationPolicy policy = new Axis2TokenAuthenticationPolicy();
         int event = reader.getEventType();
         QName name = null;
         
@@ -60,12 +61,8 @@ public class Axis2BasicAuthenticationPolicyProcessor implements StAXArtifactProc
                 case START_ELEMENT : {
                     name = reader.getName();
                     if ( name.equals(getArtifactType()) ) {
-                        // no attributes at the moment
-                    } else if ( Axis2BasicAuthenticationPolicy.AXIS2_BASIC_AUTHENTICATION_USERNAME.equals(name.getLocalPart()) ) {
-                        policy.setUserName(reader.getElementText());
-                    } else if ( Axis2BasicAuthenticationPolicy.AXIS2_BASIC_AUTHENTICATION_PASSWORD.equals(name.getLocalPart()) ) {
-                        policy.setPassword(reader.getElementText());
-                    }
+                        policy.setTokenName(getQName(reader, Axis2TokenAuthenticationPolicy.AXIS2_TOKEN_AUTHENTICATION_TOKEN_NAME));
+                    } 
                     break;
                 }
             }
@@ -85,7 +82,7 @@ public class Axis2BasicAuthenticationPolicyProcessor implements StAXArtifactProc
         return policy;
     }
 
-    public void write(Axis2BasicAuthenticationPolicy policy, XMLStreamWriter writer) 
+    public void write(Axis2TokenAuthenticationPolicy policy, XMLStreamWriter writer) 
         throws ContributionWriteException, XMLStreamException {
         String prefix = "tuscany";
         writer.writeStartElement(prefix, 
@@ -93,30 +90,22 @@ public class Axis2BasicAuthenticationPolicyProcessor implements StAXArtifactProc
                                  getArtifactType().getNamespaceURI());
         writer.writeNamespace("tuscany", Constants.SCA10_TUSCANY_NS);
 
-        if ( policy.getUserName() != null ) {
+        if ( policy.getTokenName() != null ) {
             writer.writeStartElement(prefix, 
-                                     Axis2BasicAuthenticationPolicy.AXIS2_BASIC_AUTHENTICATION_USERNAME,
+                                     Axis2TokenAuthenticationPolicy.AXIS2_TOKEN_AUTHENTICATION_TOKEN_NAME,
                                      getArtifactType().getNamespaceURI());
-            writer.writeCharacters(policy.getUserName());
+            writer.writeCharacters(policy.getTokenName().toString());
             writer.writeEndElement();
-        }
-        
-        if ( policy.getPassword() != null ) {
-            writer.writeStartElement(prefix, 
-                                     Axis2BasicAuthenticationPolicy.AXIS2_BASIC_AUTHENTICATION_PASSWORD,
-                                     getArtifactType().getNamespaceURI());
-            writer.writeCharacters(policy.getPassword());
-            writer.writeEndElement();
-        }        
+        }      
         
         writer.writeEndElement();
     }
 
-    public Class<Axis2BasicAuthenticationPolicy> getModelType() {
-        return Axis2BasicAuthenticationPolicy.class;
+    public Class<Axis2TokenAuthenticationPolicy> getModelType() {
+        return Axis2TokenAuthenticationPolicy.class;
     }
 
-    public void resolve(Axis2BasicAuthenticationPolicy arg0, ModelResolver arg1) throws ContributionResolveException {
+    public void resolve(Axis2TokenAuthenticationPolicy arg0, ModelResolver arg1) throws ContributionResolveException {
 
     }
     
diff --git a/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationPolicyProviderFactory.java b/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/token/Axis2TokenAuthenticationPolicyProviderFactory.java
index 5ec4cf9baa..cef881af30 100644
--- a/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationPolicyProviderFactory.java
+++ b/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/token/Axis2TokenAuthenticationPolicyProviderFactory.java
@@ -17,7 +17,7 @@
  * under the License.    
  */
 
-package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.basic;
+package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.token;
 
 import org.apache.tuscany.sca.assembly.Binding;
 import org.apache.tuscany.sca.assembly.Implementation;
@@ -31,10 +31,10 @@ import org.apache.tuscany.sca.runtime.RuntimeComponentService;
 /**
  * @version $Rev$ $Date$
  */
-public class Axis2BasicAuthenticationPolicyProviderFactory implements PolicyProviderFactory<Axis2BasicAuthenticationPolicy> {
+public class Axis2TokenAuthenticationPolicyProviderFactory implements PolicyProviderFactory<Axis2TokenAuthenticationPolicy> {
     private ExtensionPointRegistry registry;
     
-    public Axis2BasicAuthenticationPolicyProviderFactory(ExtensionPointRegistry registry) {
+    public Axis2TokenAuthenticationPolicyProviderFactory(ExtensionPointRegistry registry) {
         super();
         this.registry = registry;
     }
@@ -43,7 +43,7 @@ public class Axis2BasicAuthenticationPolicyProviderFactory implements PolicyProv
      * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createImplementationPolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.assembly.Implementation)
      */
     public PolicyProvider createImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) {
-        return null;//new WSBasicAuthenticationImplementationPolicyProvider(component, implementation);
+        return null;//new TokenAuthenticationImplementationPolicyProvider(component, implementation);
     }
 
     /**
@@ -52,7 +52,7 @@ public class Axis2BasicAuthenticationPolicyProviderFactory implements PolicyProv
     public PolicyProvider createReferencePolicyProvider(RuntimeComponent component,
                                                         RuntimeComponentReference reference,
                                                         Binding binding) {
-        return new Axis2BasicAuthenticationReferencePolicyProvider(component, reference, binding);
+        return new Axis2TokenAuthenticationReferencePolicyProvider(component, reference, binding);
     }
 
     /**
@@ -61,7 +61,7 @@ public class Axis2BasicAuthenticationPolicyProviderFactory implements PolicyProv
     public PolicyProvider createServicePolicyProvider(RuntimeComponent component,
                                                       RuntimeComponentService service,
                                                       Binding binding) {
-        return new Axis2BasicAuthenticationServicePolicyProvider(component, service, binding);
+        return new Axis2TokenAuthenticationServicePolicyProvider(component, service, binding);
     }
 
     /**
diff --git a/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationReferencePolicyInterceptor.java b/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/token/Axis2TokenAuthenticationReferencePolicyInterceptor.java
index 6bd1eed1bd..1ed80ba4da 100644
--- a/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationReferencePolicyInterceptor.java
+++ b/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/token/Axis2TokenAuthenticationReferencePolicyInterceptor.java
@@ -16,7 +16,7 @@
  * specific language governing permissions and limitations
  * under the License.    
  */
-package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.basic;
+package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.token;
 
 import java.util.logging.ConsoleHandler;
 import java.util.logging.Handler;
@@ -25,7 +25,15 @@ import java.util.logging.Logger;
 
 import javax.xml.namespace.QName;
 
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.OMText;
+import org.apache.axiom.om.impl.llom.util.AXIOMUtil;
+import org.apache.axiom.soap.SOAPFactory;
 import org.apache.tuscany.sca.assembly.xml.Constants;
+import org.apache.tuscany.sca.binding.ws.axis2.policy.header.Axis2SOAPHeaderString;
 import org.apache.tuscany.sca.interfacedef.Operation;
 import org.apache.tuscany.sca.invocation.Interceptor;
 import org.apache.tuscany.sca.invocation.Invoker;
@@ -39,16 +47,15 @@ import org.apache.tuscany.sca.policy.PolicySet;
  *
  * @version $Rev$ $Date$
  */
-public class Axis2BasicAuthenticationReferencePolicyInterceptor implements Interceptor {
-    public static final QName policySetQName = new QName(Constants.SCA10_TUSCANY_NS, "wsBasicAuthentication");
+public class Axis2TokenAuthenticationReferencePolicyInterceptor implements Interceptor {
 
     private Invoker next;
     private Operation operation;
     private PolicySet policySet = null;
     private String context;
-    private Axis2BasicAuthenticationPolicy policy;
+    private Axis2TokenAuthenticationPolicy policy;
 
-    public Axis2BasicAuthenticationReferencePolicyInterceptor(String context, Operation operation, PolicySet policySet) {
+    public Axis2TokenAuthenticationReferencePolicyInterceptor(String context, Operation operation, PolicySet policySet) {
         super();
         this.operation = operation;
         this.policySet = policySet;
@@ -59,8 +66,8 @@ public class Axis2BasicAuthenticationReferencePolicyInterceptor implements Inter
     private void init() {
         if (policySet != null) {
             for (Object policyObject : policySet.getPolicies()){
-                if (policyObject instanceof Axis2BasicAuthenticationPolicy){
-                    policy = (Axis2BasicAuthenticationPolicy)policyObject;
+                if (policyObject instanceof Axis2TokenAuthenticationPolicy){
+                    policy = (Axis2TokenAuthenticationPolicy)policyObject;
                     break;
                 }
             }
@@ -68,9 +75,19 @@ public class Axis2BasicAuthenticationReferencePolicyInterceptor implements Inter
     }
 
     public Message invoke(Message msg) {
-        // TODO - We might use interceptors to do the Axis2 config
-        //        if we can change the infrastructure split the 
-        //        invoker up
+        // could call out here to some 3rd party system to get credentials
+        
+        if ( policy.getTokenName() != null){
+            // create Axis representation of header
+            Axis2SOAPHeaderString header = new Axis2SOAPHeaderString();
+            header.setHeaderName(policy.getTokenName());
+            header.setHeaderString("SomeWSAuthorizationToken");
+    
+            // add header to Tuscany message
+            msg.getHeaders().put(policy.getTokenName().toString(),
+                                 header);  
+        }
+        
         return getNext().invoke(msg);
     }
 
diff --git a/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationReferencePolicyProvider.java b/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/token/Axis2TokenAuthenticationReferencePolicyProvider.java
index 530d99c01e..147fd1f42a 100644
--- a/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationReferencePolicyProvider.java
+++ b/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/token/Axis2TokenAuthenticationReferencePolicyProvider.java
@@ -17,7 +17,7 @@
  * under the License.    
  */
 
-package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.basic;
+package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.token;
 
 import java.util.List;
 
@@ -35,12 +35,12 @@ import org.apache.tuscany.sca.runtime.RuntimeComponentReference;
 /**
  * @version $Rev$ $Date$
  */
-public class Axis2BasicAuthenticationReferencePolicyProvider implements PolicyProvider {
+public class Axis2TokenAuthenticationReferencePolicyProvider implements PolicyProvider {
     private RuntimeComponent component;
     private RuntimeComponentReference reference;
     private Binding binding;
 
-    public Axis2BasicAuthenticationReferencePolicyProvider(RuntimeComponent component,
+    public Axis2TokenAuthenticationReferencePolicyProvider(RuntimeComponent component,
                                              RuntimeComponentReference reference,
                                              Binding binding) {
         super();
@@ -54,7 +54,7 @@ public class Axis2BasicAuthenticationReferencePolicyProvider implements PolicyPr
             List<PolicySet> policySets = ((PolicySetAttachPoint)binding).getApplicablePolicySets();
             for (PolicySet ps : policySets) {
                 for (Object p : ps.getPolicies()) {
-                    if (Axis2BasicAuthenticationPolicy.class.isInstance(p)) {
+                    if (Axis2TokenAuthenticationPolicy.class.isInstance(p)) {
                         return ps;
                     }
                 }
@@ -77,7 +77,7 @@ public class Axis2BasicAuthenticationReferencePolicyProvider implements PolicyPr
      */
     public Interceptor createInterceptor(Operation operation) {
         PolicySet ps = findPolicySet();
-        return ps == null ? null : new Axis2BasicAuthenticationReferencePolicyInterceptor(getContext(), operation, ps);
+        return ps == null ? null : new Axis2TokenAuthenticationReferencePolicyInterceptor(getContext(), operation, ps);
     }
 
     /**
diff --git a/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/token/Axis2TokenAuthenticationServicePolicyInterceptor.java b/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/token/Axis2TokenAuthenticationServicePolicyInterceptor.java
new file mode 100644
index 0000000000..9ff7b82be2
--- /dev/null
+++ b/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/token/Axis2TokenAuthenticationServicePolicyInterceptor.java
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.token;
+
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.tuscany.sca.assembly.xml.Constants;
+import org.apache.tuscany.sca.binding.ws.axis2.policy.header.Axis2SOAPHeaderString;
+import org.apache.tuscany.sca.interfacedef.Operation;
+import org.apache.tuscany.sca.invocation.Interceptor;
+import org.apache.tuscany.sca.invocation.Invoker;
+import org.apache.tuscany.sca.invocation.Message;
+import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.SecurityUtil;
+import org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPrincipal;
+import org.apache.tuscany.sca.policy.authentication.token.TokenPrincipal;
+
+/**
+ * Policy handler to handle PolicySet related to Logging with the QName
+ * {http://tuscany.apache.org/xmlns/sca/1.0/impl/java}LoggingPolicy
+ *
+ * @version $Rev$ $Date$
+ */
+public class Axis2TokenAuthenticationServicePolicyInterceptor implements Interceptor {
+    private Invoker next;
+    private Operation operation;
+    private PolicySet policySet = null;
+    private String context;
+    private Axis2TokenAuthenticationPolicy policy;
+
+    public Axis2TokenAuthenticationServicePolicyInterceptor(String context, Operation operation, PolicySet policySet) {
+        super();
+        this.operation = operation;
+        this.policySet = policySet;
+        this.context = context;
+        init();
+    }
+
+    private void init() {
+        if (policySet != null) {
+            for (Object policyObject : policySet.getPolicies()){
+                if (policyObject instanceof Axis2TokenAuthenticationPolicy){
+                    policy = (Axis2TokenAuthenticationPolicy)policyObject;
+                    break;
+                }
+            }
+        }
+    }
+
+    public Message invoke(Message msg) {
+        
+        Axis2SOAPHeaderString header = (Axis2SOAPHeaderString)msg.getHeaders().get(policy.getTokenName().toString());
+        
+        if (header != null) {
+            System.out.println("Token: " + header.getHeaderString());
+            
+            // call out here to some 3rd party system to do whatever you 
+            // need to turn header credentials into an authenticated principal  
+            
+            Subject subject = SecurityUtil.getSubject(msg);
+            Principal principal = new TokenPrincipal(header.getHeaderString());
+            subject.getPrincipals().add(principal);            
+        }
+    
+        return getNext().invoke(msg);
+    }
+
+    public Invoker getNext() {
+        return next;
+    }
+
+    public void setNext(Invoker next) {
+        this.next = next;
+    }
+}
diff --git a/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationServicePolicyProvider.java b/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/token/Axis2TokenAuthenticationServicePolicyProvider.java
index 9c1a9704d3..e3e2a4b9a0 100644
--- a/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationServicePolicyProvider.java
+++ b/java/sca/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/token/Axis2TokenAuthenticationServicePolicyProvider.java
@@ -17,7 +17,7 @@
  * under the License.    
  */
 
-package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.basic;
+package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.token;
 
 import java.util.List;
 
@@ -35,12 +35,12 @@ import org.apache.tuscany.sca.runtime.RuntimeComponentService;
 /**
  * @version $Rev$ $Date$
  */
-public class Axis2BasicAuthenticationServicePolicyProvider implements PolicyProvider {
+public class Axis2TokenAuthenticationServicePolicyProvider implements PolicyProvider {
     private RuntimeComponent component;
     private RuntimeComponentService service;
     private Binding binding;
 
-    public Axis2BasicAuthenticationServicePolicyProvider(RuntimeComponent component, RuntimeComponentService service, Binding binding) {
+    public Axis2TokenAuthenticationServicePolicyProvider(RuntimeComponent component, RuntimeComponentService service, Binding binding) {
         super();
         this.component = component;
         this.service = service;
@@ -52,7 +52,7 @@ public class Axis2BasicAuthenticationServicePolicyProvider implements PolicyProv
             List<PolicySet> policySets = ((PolicySetAttachPoint)binding).getApplicablePolicySets();
             for (PolicySet ps : policySets) {
                 for (Object p : ps.getPolicies()) {
-                    if (Axis2BasicAuthenticationPolicy.class.isInstance(p)) {
+                    if (Axis2TokenAuthenticationPolicy.class.isInstance(p)) {
                         return ps;
                     }
                 }
@@ -69,14 +69,13 @@ public class Axis2BasicAuthenticationServicePolicyProvider implements PolicyProv
             + binding.getClass().getName()
             + ")";
     }
- 
 
     /**
      * @see org.apache.tuscany.sca.provider.PolicyProvider#createInterceptor(org.apache.tuscany.sca.interfacedef.Operation)
      */
     public Interceptor createInterceptor(Operation operation) {
         PolicySet ps = findPolicySet();
-        return ps == null ? null : new Axis2BasicAuthenticationReferencePolicyInterceptor(getContext(), operation, ps);
+        return ps == null ? null : new Axis2TokenAuthenticationServicePolicyInterceptor(getContext(), operation, ps);
     }
 
     /**
diff --git a/java/sca/modules/binding-ws-axis2-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor b/java/sca/modules/binding-ws-axis2-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
index 7a223848fa..96782b74bf 100644
--- a/java/sca/modules/binding-ws-axis2-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
+++ b/java/sca/modules/binding-ws-axis2-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
@@ -17,4 +17,5 @@
 

 # Implementation class for the artifact processor extension

 org.apache.tuscany.sca.binding.ws.axis2.policy.configuration.Axis2ConfigParamPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#wsConfigParam,model=org.apache.tuscany.sca.binding.ws.axis2.policy.configuration.Axis2ConfigParamPolicy

-org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.basic.Axis2BasicAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#axis2BasicAuthentication,model=org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.basic.Axis2BasicAuthenticationPolicy

+org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.token.Axis2TokenAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#axis2TokenAuthentication,model=org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.token.Axis2TokenAuthenticationPolicy

+org.apache.tuscany.sca.binding.ws.axis2.policy.header.Axis2HeaderPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#axis2Header,model=org.apache.tuscany.sca.binding.ws.axis2.policy.header.Axis2HeaderPolicy

diff --git a/java/sca/modules/binding-ws-axis2-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory b/java/sca/modules/binding-ws-axis2-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory
index 7d7f4299f4..ced48cf236 100644
--- a/java/sca/modules/binding-ws-axis2-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory
+++ b/java/sca/modules/binding-ws-axis2-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory
@@ -16,4 +16,5 @@
 # under the License. 

 

 # Implementation class for the policy extension

-org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.basic.Axis2BasicAuthenticationPolicyProviderFactory;model=org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.basic.Axis2BasicAuthenticationPolicy
\ No newline at end of file
+org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.token.Axis2TokenAuthenticationPolicyProviderFactory;model=org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.token.Axis2TokenAuthenticationPolicy

+org.apache.tuscany.sca.binding.ws.axis2.policy.header.Axis2HeaderPolicyProviderFactory;model=org.apache.tuscany.sca.binding.ws.axis2.policy.header.Axis2HeaderPolicy
\ No newline at end of file
diff --git a/java/sca/modules/binding-ws-axis2/pom.xml b/java/sca/modules/binding-ws-axis2/pom.xml
index c0a5fe8465..519f9d681a 100644
--- a/java/sca/modules/binding-ws-axis2/pom.xml
+++ b/java/sca/modules/binding-ws-axis2/pom.xml
@@ -95,11 +95,11 @@
             <version>1.4-SNAPSHOT</version>
         </dependency>
 
-        <!-- dependency>
+        <dependency>
             <groupId>org.apache.tuscany.sca</groupId>
             <artifactId>tuscany-binding-ws-axis2-policy</artifactId>
             <version>1.4-SNAPSHOT</version>
-        </dependency-->
+        </dependency>
 
         <dependency>
             <groupId>org.apache.axis2</groupId>
diff --git a/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2BindingInvoker.java b/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2BindingInvoker.java
index 81db43c701..d468370a7e 100644
--- a/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2BindingInvoker.java
+++ b/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2BindingInvoker.java
@@ -21,6 +21,7 @@ package org.apache.tuscany.sca.binding.ws.axis2;
 import java.security.AccessController;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
+import java.util.ArrayList;
 import java.util.List;
 
 import javax.xml.namespace.QName;
@@ -41,7 +42,10 @@ import org.apache.axis2.transport.http.HTTPConstants;
 import org.apache.axis2.wsdl.WSDLConstants;
 import org.apache.tuscany.sca.assembly.xml.Constants;
 import org.apache.tuscany.sca.binding.ws.WebServiceBinding;
-import org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.basic.Axis2BasicAuthenticationReferenceBindingConfigurator;
+import org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.token.Axis2TokenAuthenticationPolicy;
+import org.apache.tuscany.sca.binding.ws.axis2.policy.configurator.Axis2BindingBasicAuthenticationConfigurator;
+import org.apache.tuscany.sca.binding.ws.axis2.policy.configurator.Axis2BindingHeaderConfigurator;
+import org.apache.tuscany.sca.binding.ws.axis2.policy.header.Axis2HeaderPolicy;
 import org.apache.tuscany.sca.interfacedef.util.FaultException;
 import org.apache.tuscany.sca.invocation.DataExchangeSemantics;
 import org.apache.tuscany.sca.invocation.Invoker;
@@ -74,7 +78,10 @@ public class Axis2BindingInvoker implements Invoker, DataExchangeSemantics {
     private SOAPFactory soapFactory;    
     private List<PolicyHandler> policyHandlerList = null;
     private WebServiceBinding wsBinding;
+    
     private BasicAuthenticationPolicy basicAuthenticationPolicy = null;
+    private Axis2TokenAuthenticationPolicy axis2TokenAuthenticationPolicy = null;
+    private List<Axis2HeaderPolicy> axis2HeaderPolicies = new ArrayList<Axis2HeaderPolicy>();
 
     public Axis2BindingInvoker(Axis2ServiceClient serviceClient,
                                QName wsdlOperationName,
@@ -96,7 +103,11 @@ public class Axis2BindingInvoker implements Invoker, DataExchangeSemantics {
                 for (Object p : ps.getPolicies()) {
                     if (BasicAuthenticationPolicy.class.isInstance(p)) {
                         basicAuthenticationPolicy = (BasicAuthenticationPolicy)p;
-                    } else {
+                    } else if (Axis2TokenAuthenticationPolicy.class.isInstance(p)) {
+                        axis2TokenAuthenticationPolicy = (Axis2TokenAuthenticationPolicy)p;
+                    } else if (Axis2HeaderPolicy.class.isInstance(p)) {
+                        axis2HeaderPolicies.add((Axis2HeaderPolicy)p);
+                    }else {
                         // etc. check for other types of policy being present
                     }
                 }
@@ -138,8 +149,17 @@ public class Axis2BindingInvoker implements Invoker, DataExchangeSemantics {
             policyHandler.beforeInvoke(msg, requestMC, operationClient);
         }
         
+        // set policy specified headers
+        for (Axis2HeaderPolicy policy : axis2HeaderPolicies){
+            Axis2BindingHeaderConfigurator.setHeader(requestMC, msg, policy.getHeaderName());
+        }
+        
         if (basicAuthenticationPolicy != null) {
-            Axis2BasicAuthenticationReferenceBindingConfigurator.setOperationOptions(operationClient, msg, basicAuthenticationPolicy);
+            Axis2BindingBasicAuthenticationConfigurator.setOperationOptions(operationClient, msg, basicAuthenticationPolicy);
+        }
+        
+        if (axis2TokenAuthenticationPolicy != null) {
+            Axis2BindingHeaderConfigurator.setHeader(requestMC, msg, axis2TokenAuthenticationPolicy.getTokenName());
         }
         
         // Allow privileged access to read properties. Requires PropertiesPermission read in
@@ -238,6 +258,11 @@ public class Axis2BindingInvoker implements Invoker, DataExchangeSemantics {
             sh.addChild(epr);
             requestMC.setFrom(fromEPR);
         }
+        
+        // Set any message headers required by policy
+        // Get the header from the tuscany message
+        // If its not already an OM convert it to OM
+        // add it to the envelope header
 
         // if target endpoint was not specified when this invoker was created, 
         // use dynamically specified target endpoint passed in on this call
diff --git a/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2ServiceClient.java b/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2ServiceClient.java
index 438e989d85..0d3916019f 100644
--- a/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2ServiceClient.java
+++ b/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2ServiceClient.java
@@ -69,12 +69,12 @@ import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
 import org.apache.commons.httpclient.params.HttpConnectionManagerParams;
 import org.apache.tuscany.sca.assembly.AbstractContract;
 import org.apache.tuscany.sca.binding.ws.WebServiceBinding;
+import org.apache.tuscany.sca.binding.ws.axis2.policy.configuration.Axis2ConfigParamPolicy;
 import org.apache.tuscany.sca.interfacedef.Operation;
 import org.apache.tuscany.sca.invocation.Invoker;
 import org.apache.tuscany.sca.invocation.MessageFactory;
 import org.apache.tuscany.sca.policy.PolicySet;
 import org.apache.tuscany.sca.policy.PolicySetAttachPoint;
-import org.apache.tuscany.sca.policy.security.ws.Axis2ConfigParamPolicy;
 import org.apache.tuscany.sca.policy.util.PolicyHandler;
 import org.apache.tuscany.sca.policy.util.PolicyHandlerTuple;
 import org.apache.tuscany.sca.policy.util.PolicyHandlerUtils;
diff --git a/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2ServiceProvider.java b/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2ServiceProvider.java
index 01eddb89d1..c51a5bad29 100644
--- a/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2ServiceProvider.java
+++ b/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2ServiceProvider.java
@@ -74,7 +74,12 @@ import org.apache.tuscany.sca.assembly.AbstractContract;
 import org.apache.tuscany.sca.assembly.Binding;
 import org.apache.tuscany.sca.binding.ws.WebServiceBinding;
 import org.apache.tuscany.sca.binding.ws.axis2.Axis2ServiceClient.URIResolverImpl;
-import org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.basic.Axis2BasicAuthenticationServiceBindingConfigurator;
+import org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.token.Axis2TokenAuthenticationPolicy;
+import org.apache.tuscany.sca.binding.ws.axis2.policy.configuration.Axis2ConfigParamPolicy;
+import org.apache.tuscany.sca.binding.ws.axis2.policy.configurator.Axis2BindingBasicAuthenticationConfigurator;
+import org.apache.tuscany.sca.binding.ws.axis2.policy.configurator.Axis2BindingHeaderConfigurator;
+import org.apache.tuscany.sca.binding.ws.axis2.policy.header.Axis2HeaderPolicy;
+import org.apache.tuscany.sca.binding.ws.axis2.policy.header.Axis2SOAPHeaderString;
 import org.apache.tuscany.sca.core.assembly.EndpointReferenceImpl;
 import org.apache.tuscany.sca.host.http.ServletHost;
 import org.apache.tuscany.sca.interfacedef.Interface;
@@ -86,7 +91,6 @@ import org.apache.tuscany.sca.invocation.MessageFactory;
 import org.apache.tuscany.sca.policy.PolicySet;
 import org.apache.tuscany.sca.policy.PolicySetAttachPoint;
 import org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy;
-import org.apache.tuscany.sca.policy.security.ws.Axis2ConfigParamPolicy;
 import org.apache.tuscany.sca.policy.util.PolicyHandler;
 import org.apache.tuscany.sca.policy.util.PolicyHandlerTuple;
 import org.apache.tuscany.sca.policy.util.PolicyHandlerUtils;
@@ -126,7 +130,10 @@ public class Axis2ServiceProvider {
     private List<PolicyHandlerTuple> policyHandlerClassnames = null;
     private List<PolicyHandler> policyHandlerList = new ArrayList<PolicyHandler>();
     private Map<String, Port> urlMap = new HashMap<String, Port>();
+    
     private BasicAuthenticationPolicy basicAuthenticationPolicy = null;
+    private Axis2TokenAuthenticationPolicy axis2TokenAuthenticationPolicy = null;
+    private List<Axis2HeaderPolicy> axis2HeaderPolicies = new ArrayList<Axis2HeaderPolicy>();
 
     public static final QName QNAME_WSA_ADDRESS =
         new QName(AddressingConstants.Final.WSA_NAMESPACE, AddressingConstants.EPR_ADDRESS);
@@ -207,6 +214,10 @@ public class Axis2ServiceProvider {
                 for (Object p : ps.getPolicies()) {
                     if (BasicAuthenticationPolicy.class.isInstance(p)) {
                         basicAuthenticationPolicy = (BasicAuthenticationPolicy)p;
+                    } else if (Axis2TokenAuthenticationPolicy.class.isInstance(p)) {
+                        axis2TokenAuthenticationPolicy = (Axis2TokenAuthenticationPolicy)p;
+                    } else if (Axis2HeaderPolicy.class.isInstance(p)) {
+                        axis2HeaderPolicies.add((Axis2HeaderPolicy)p);
                     } else {
                         // etc. check for other types of policy being present
                     }
@@ -640,6 +651,11 @@ public class Axis2ServiceProvider {
         String callbackAddress = null;
         String callbackID = null;
         Object conversationID = null;
+        
+        // create a message object and set the args as its body
+        Message msg = messageFactory.createMessage();
+        msg.setBody(args);
+        msg.setOperation(op);
 
         //FIXME: can we use the Axis2 addressing support for this?
         SOAPHeader header = inMC.getEnvelope().getHeader();
@@ -668,12 +684,20 @@ public class Axis2ServiceProvider {
                     }
                 }
             }
+            
+            // get policy specified headers
+            for (Axis2HeaderPolicy policy : axis2HeaderPolicies){
+                //Axis2BindingHeaderConfigurator.getHeader(inMC, msg, policy.getHeaderName());
+            }
+            
+            if (axis2TokenAuthenticationPolicy != null) {
+                Axis2SOAPHeaderString tokenHeader = new Axis2SOAPHeaderString();
+                Axis2BindingHeaderConfigurator.getHeader(inMC, 
+                                                         msg, 
+                                                         axis2TokenAuthenticationPolicy.getTokenName(), 
+                                                         tokenHeader);
+            }
         }
-
-        // create a message object and set the args as its body
-        Message msg = messageFactory.createMessage();
-        msg.setBody(args);
-        msg.setOperation(op);
         
         //fill message with QoS context info 
         fillQoSContext(msg, inMC);
@@ -705,7 +729,7 @@ public class Axis2ServiceProvider {
         }
                 
         if (basicAuthenticationPolicy != null) {
-            Axis2BasicAuthenticationServiceBindingConfigurator.parseHTTPHeader(inMC, msg, basicAuthenticationPolicy);
+            Axis2BindingBasicAuthenticationConfigurator.parseHTTPHeader(inMC, msg, basicAuthenticationPolicy);
         }
         
         // find the runtime wire and invoke it with the message
diff --git a/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationReferenceBindingConfigurator.java b/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationReferenceBindingConfigurator.java
deleted file mode 100644
index 2bc6bff3c7..0000000000
--- a/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationReferenceBindingConfigurator.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- *   http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.    
- */
-
-package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.basic;
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.client.OperationClient;
-import org.apache.axis2.client.ServiceClient;
-import org.apache.axis2.context.ConfigurationContext;
-import org.apache.axis2.context.MessageContext;
-import org.apache.axis2.description.Parameter;
-import org.apache.axis2.transport.http.HTTPConstants;
-import org.apache.axis2.transport.http.HttpTransportProperties;
-import org.apache.axis2.transport.http.HttpTransportProperties.Authenticator;
-import org.apache.tuscany.sca.invocation.Message;
-import org.apache.tuscany.sca.policy.Policy;
-import org.apache.tuscany.sca.policy.PolicySet;
-import org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy;
-import org.osoa.sca.ServiceRuntimeException;
-
-/**
- * Policy handler to handle PolicySet that contain Axis2ConfigParamPolicy instances
- *
- * @version $Rev$ $Date$
- */
-public class Axis2BasicAuthenticationReferenceBindingConfigurator {
-    
-    
-    public static void setOperationOptions(OperationClient operationClient, Message msg, BasicAuthenticationPolicy policy) {
-        
-        // get security context
-        String securityPrincipal = (String)msg.getQoSContext().get(Message.QOS_CTX_SECURITY_PRINCIPAL);
-        String username = null;
-        String password = null;
-        
-        // could use the security principal to look up basic auth credentials
-        if (  securityPrincipal != null ) {
-            // look up usename and password based on security principal
-        } else {
-           // take the message username and password
-            username = (String)msg.getQoSContext().get(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME);
-            password = (String)msg.getQoSContext().get(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD);
-            
-            if (username == null){
-                username = policy.getUserName();
-                password = policy.getPassword();
-            }
-        }
-        
-        if (username == null || password == null ){
-            throw new ServiceRuntimeException("Basic authenication username or password is null");
-        }
-        
-        HttpTransportProperties.Authenticator authenticator = new HttpTransportProperties.Authenticator();
-        List<String> auth = new ArrayList<String>();
-        auth.add(Authenticator.BASIC);
-        authenticator.setAuthSchemes(auth);
-        authenticator.setPreemptiveAuthentication(true);
-        authenticator.setUsername(username);
-        authenticator.setPassword(password);
-    
-        operationClient.getOptions().setProperty(HTTPConstants.AUTHENTICATE,
-                                                 authenticator);
-    }
-
-}
diff --git a/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationServiceBindingConfigurator.java b/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/configurator/Axis2BindingBasicAuthenticationConfigurator.java
index 6d311faec5..58f7c11f60 100644
--- a/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/Axis2BasicAuthenticationServiceBindingConfigurator.java
+++ b/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/configurator/Axis2BindingBasicAuthenticationConfigurator.java
@@ -17,11 +17,15 @@
  * under the License.    
  */
 
-package org.apache.tuscany.sca.binding.ws.axis2.policy.authentication.basic;
+package org.apache.tuscany.sca.binding.ws.axis2.policy.configurator;
 
 import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Map;
 
+import javax.security.auth.Subject;
+
 import org.apache.axiom.om.util.Base64;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.client.OperationClient;
@@ -29,20 +33,58 @@ import org.apache.axis2.client.ServiceClient;
 import org.apache.axis2.context.ConfigurationContext;
 import org.apache.axis2.context.MessageContext;
 import org.apache.axis2.description.Parameter;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.axis2.transport.http.HttpTransportProperties;
+import org.apache.axis2.transport.http.HttpTransportProperties.Authenticator;
 import org.apache.tuscany.sca.invocation.Message;
+import org.apache.tuscany.sca.policy.Policy;
 import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.SecurityUtil;
 import org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy;
-import org.apache.tuscany.sca.policy.util.PolicyHandler;
+import org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPrincipal;
+import org.osoa.sca.ServiceRuntimeException;
 
 /**
- * Deal with basic authentication configuration at the service
+ * Policy handler to handle PolicySet that contain Axis2ConfigParamPolicy instances
  *
  * @version $Rev$ $Date$
  */
-public class Axis2BasicAuthenticationServiceBindingConfigurator {
+public class Axis2BindingBasicAuthenticationConfigurator {
+    
+    
+    public static void setOperationOptions(OperationClient operationClient, Message msg, BasicAuthenticationPolicy policy) {
+        String username = null;
+        String password = null;
         
+        // get the security context
+        Subject subject = SecurityUtil.getSubject(msg);
+        BasicAuthenticationPrincipal principal = SecurityUtil.getPrincipal(subject, 
+                                                                           BasicAuthenticationPrincipal.class);
+
+        // could use the security principal to look up basic auth credentials
+        if (  principal != null ) {
+            username = ((BasicAuthenticationPrincipal)principal).getName();
+            password = ((BasicAuthenticationPrincipal)principal).getPassword();
+        }
+        
+        if (username == null || password == null ){
+            throw new ServiceRuntimeException("Basic authentication username or password is null");
+        }
+        
+        HttpTransportProperties.Authenticator authenticator = new HttpTransportProperties.Authenticator();
+        List<String> auth = new ArrayList<String>();
+        auth.add(Authenticator.BASIC);
+        authenticator.setAuthSchemes(auth);
+        authenticator.setPreemptiveAuthentication(true);
+        authenticator.setUsername(username);
+        authenticator.setPassword(password);
+    
+        operationClient.getOptions().setProperty(HTTPConstants.AUTHENTICATE,
+                                                 authenticator);
+    }
+    
     public static void parseHTTPHeader(MessageContext messageContext, Message msg, BasicAuthenticationPolicy policy) {
-          
+        
         Map httpHeaderProperties = (Map)messageContext.getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
                          
         String basicAuthString = (String)httpHeaderProperties.get("Authorization");
@@ -67,11 +109,11 @@ public class Axis2BasicAuthenticationServiceBindingConfigurator {
             }
         }
         
-        // set the security context. 
-        msg.getQoSContext().put(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME,
-                                username);
-        msg.getQoSContext().put(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD,
-                                password);
+        // get the security context
+        Subject subject = SecurityUtil.getSubject(msg);
+        BasicAuthenticationPrincipal principal =  new BasicAuthenticationPrincipal(username,
+                                                                                   password);
+        subject.getPrincipals().add(principal);
 
         // Set the http headers
         // This is just an experiment, looking at the alternatives to extracting
@@ -79,8 +121,8 @@ public class Axis2BasicAuthenticationServiceBindingConfigurator {
         // could be deferred to the interceptor. Asymetric though when compared with the
         // reference support. 
         // how to defined the scheme for message headers?
-        msg.getHeader().put("httpheaders", httpHeaderProperties); 
+        msg.getHeaders().put("httpheaders", httpHeaderProperties); 
     }    
-    
-    
+        
+
 }
diff --git a/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/configurator/Axis2BindingHeaderConfigurator.java b/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/configurator/Axis2BindingHeaderConfigurator.java
new file mode 100644
index 0000000000..0c3577104b
--- /dev/null
+++ b/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/configurator/Axis2BindingHeaderConfigurator.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+
+package org.apache.tuscany.sca.binding.ws.axis2.policy.configurator;
+
+
+
+import javax.xml.namespace.QName;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axis2.context.MessageContext;
+import org.apache.tuscany.sca.binding.ws.axis2.policy.header.Axis2SOAPHeader;
+import org.apache.tuscany.sca.invocation.Message;
+
+
+/**
+ * Policy handler to handle PolicySet that contain Axis2ConfigParamPolicy instances
+ *
+ * @version $Rev$ $Date$
+ */
+public class Axis2BindingHeaderConfigurator {
+    
+    
+    public static void setHeader(MessageContext messageContext, Message msg, QName headerQName) {
+        
+        if (headerQName != null){
+            SOAPEnvelope envelope = messageContext.getEnvelope();
+            OMFactory factory = envelope.getOMFactory();
+            SOAPHeader soapHeader = envelope.getHeader();
+            
+            Axis2SOAPHeader header = (Axis2SOAPHeader)msg.getHeaders().get(headerQName.toString());
+            
+            soapHeader.addChild(header.getAsSOAPHeaderBlock(factory));
+        }
+    }
+    
+    public static void getHeader(MessageContext messageContext, Message msg, QName headerQName, Axis2SOAPHeader header) {
+        
+        SOAPEnvelope sev = messageContext.getEnvelope();
+        SOAPHeader sh = sev.getHeader();
+        OMElement omHeader = sh.getFirstChildWithName(headerQName);
+        
+        header.setAsSOAPHeaderBlock(omHeader);
+        
+        msg.getHeaders().put(headerQName.toString(), header); 
+    }  
+
+}
diff --git a/java/sca/modules/binding-ws-wsdlgen/pom.xml b/java/sca/modules/binding-ws-wsdlgen/pom.xml
index a06039d1b4..fbc6dc4082 100644
--- a/java/sca/modules/binding-ws-wsdlgen/pom.xml
+++ b/java/sca/modules/binding-ws-wsdlgen/pom.xml
@@ -70,11 +70,6 @@
             <artifactId>tuscany-databinding</artifactId>
             <version>1.4-SNAPSHOT</version>
         </dependency>
-        <dependency>
-            <groupId>org.apache.tuscany.sca</groupId>
-            <artifactId>tuscany-policy-security-ws</artifactId>
-            <version>1.4-SNAPSHOT</version>
-        </dependency>
 
         <dependency>
             <groupId>junit</groupId>
diff --git a/java/sca/modules/binding-ws-wsdlgen/src/main/java/org/apache/tuscany/sca/binding/ws/wsdlgen/WSDLServiceGenerator.java b/java/sca/modules/binding-ws-wsdlgen/src/main/java/org/apache/tuscany/sca/binding/ws/wsdlgen/WSDLServiceGenerator.java
index ebfbdc509a..bf3615c9f8 100644
--- a/java/sca/modules/binding-ws-wsdlgen/src/main/java/org/apache/tuscany/sca/binding/ws/wsdlgen/WSDLServiceGenerator.java
+++ b/java/sca/modules/binding-ws-wsdlgen/src/main/java/org/apache/tuscany/sca/binding/ws/wsdlgen/WSDLServiceGenerator.java
@@ -20,23 +20,16 @@ package org.apache.tuscany.sca.binding.ws.wsdlgen;
 
 //FIXME: trim the import list down to what's really needed
 
-import java.io.IOException;
+
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.net.URL;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Iterator;
 import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import javax.wsdl.Binding;
-import javax.wsdl.BindingOperation;
 import javax.wsdl.Definition;
 import javax.wsdl.Import;
 import javax.wsdl.Port;
@@ -46,17 +39,11 @@ import javax.wsdl.WSDLException;
 import javax.wsdl.extensions.ExtensibilityElement;
 import javax.wsdl.extensions.soap.SOAPAddress;
 import javax.wsdl.extensions.soap.SOAPBinding;
-import javax.wsdl.extensions.soap.SOAPOperation;
 import javax.wsdl.extensions.soap12.SOAP12Address;
 import javax.wsdl.extensions.soap12.SOAP12Binding;
 import javax.wsdl.factory.WSDLFactory;
 import javax.wsdl.xml.WSDLWriter;
 import javax.xml.namespace.QName;
-import javax.xml.stream.FactoryConfigurationError;
-import javax.xml.stream.XMLInputFactory;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.XMLStreamReader;
-import javax.xml.transform.dom.DOMSource;
 
 import org.apache.tuscany.sca.assembly.AbstractContract;
 import org.apache.tuscany.sca.assembly.Component;
@@ -64,18 +51,11 @@ import org.apache.tuscany.sca.assembly.CompositeService;
 import org.apache.tuscany.sca.assembly.builder.impl.ProblemImpl;
 import org.apache.tuscany.sca.binding.ws.WebServiceBinding;
 import org.apache.tuscany.sca.interfacedef.Interface;
-import org.apache.tuscany.sca.interfacedef.Operation;
 import org.apache.tuscany.sca.interfacedef.wsdl.WSDLDefinition;
 import org.apache.tuscany.sca.interfacedef.wsdl.WSDLInterface;
 import org.apache.tuscany.sca.monitor.Monitor;
 import org.apache.tuscany.sca.monitor.Problem;
 import org.apache.tuscany.sca.monitor.Problem.Severity;
-import org.apache.tuscany.sca.policy.PolicySet;
-import org.apache.tuscany.sca.policy.PolicySetAttachPoint;
-import org.apache.tuscany.sca.policy.security.ws.Axis2ConfigParamPolicy;
-import org.apache.tuscany.sca.policy.util.PolicyHandler;
-import org.apache.tuscany.sca.policy.util.PolicyHandlerTuple;
-import org.apache.tuscany.sca.policy.util.PolicyHandlerUtils;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
diff --git a/java/sca/modules/core-spi/src/main/java/org/apache/tuscany/sca/invocation/Message.java b/java/sca/modules/core-spi/src/main/java/org/apache/tuscany/sca/invocation/Message.java
index a727693132..61835217de 100644
--- a/java/sca/modules/core-spi/src/main/java/org/apache/tuscany/sca/invocation/Message.java
+++ b/java/sca/modules/core-spi/src/main/java/org/apache/tuscany/sca/invocation/Message.java
@@ -30,6 +30,7 @@ import org.apache.tuscany.sca.runtime.EndpointReference;
  */
 public interface Message {
     String QOS_CTX_SECURITY_PRINCIPAL = "PRINCIPAL";
+    String QOS_CTX_SECURITY_SUBJECT = "SUBJECT";
 
     /**
      * Returns the body of the message, which will be the payload or parameters associated with the wire
@@ -120,5 +121,5 @@ public interface Message {
      * 
      * @return
      */
-    Map<String, Object> getHeader();
+    Map<String, Object> getHeaders();
 }
diff --git a/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/context/RequestContextImpl.java b/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/context/RequestContextImpl.java
index aa69bb3ae5..0c5dc63a89 100644
--- a/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/context/RequestContextImpl.java
+++ b/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/context/RequestContextImpl.java
@@ -48,7 +48,7 @@ public class RequestContextImpl implements RequestContext {
     }
 
     public Subject getSecuritySubject() {
-        throw new UnsupportedOperationException();
+        return (Subject)ThreadMessageContext.getMessageContext().getQoSContext().get(Message.QOS_CTX_SECURITY_SUBJECT);
     }
 
     public String getServiceName() {
diff --git a/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/invocation/MessageImpl.java b/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/invocation/MessageImpl.java
index 7d7fc583c3..4ce88f5e2e 100644
--- a/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/invocation/MessageImpl.java
+++ b/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/invocation/MessageImpl.java
@@ -32,7 +32,7 @@ import org.apache.tuscany.sca.runtime.EndpointReference;
  * @version $Rev $Date$
  */
 public class MessageImpl implements Message { 
-    private Map<String, Object> header = new Hashtable<String, Object>();
+    private Map<String, Object> headers = new Hashtable<String, Object>();
     private Object body;
     private Object messageID;
     private boolean isFault;
@@ -102,8 +102,8 @@ public class MessageImpl implements Message {
         return qosContext;
     }
     
-    public Map<String, Object> getHeader() {
-        return qosContext;
+    public Map<String, Object> getHeaders() {
+        return headers;
     }    
 
 }
diff --git a/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/invocation/NonBlockingInterceptor.java b/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/invocation/NonBlockingInterceptor.java
index 60f90fb6b5..c79fe46a7e 100644
--- a/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/invocation/NonBlockingInterceptor.java
+++ b/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/invocation/NonBlockingInterceptor.java
@@ -186,7 +186,7 @@ public class NonBlockingInterceptor implements Interceptor {
             return null;
         }
         
-        public Map<String, Object> getHeader() {
+        public Map<String, Object> getHeaders() {
             return null;
         }        
     }
diff --git a/java/sca/modules/implementation-notification/src/main/java/org/apache/tuscany/sca/implementation/notification/ImmutableMessage.java b/java/sca/modules/implementation-notification/src/main/java/org/apache/tuscany/sca/implementation/notification/ImmutableMessage.java
index 6941a0b5f2..8db7e5bed3 100644
--- a/java/sca/modules/implementation-notification/src/main/java/org/apache/tuscany/sca/implementation/notification/ImmutableMessage.java
+++ b/java/sca/modules/implementation-notification/src/main/java/org/apache/tuscany/sca/implementation/notification/ImmutableMessage.java
@@ -93,7 +93,7 @@ public class ImmutableMessage implements Message {
         return null;

     }

     

-    public Map<String, Object> getHeader() {

+    public Map<String, Object> getHeaders() {

         return null;

     }

 

diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/SecurityUtil.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/SecurityUtil.java
new file mode 100644
index 0000000000..7e32973b9a
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/SecurityUtil.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+package org.apache.tuscany.sca.policy;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
+import org.apache.tuscany.sca.invocation.Message;
+import org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPrincipal;
+
+
+/**
+ *
+ * @version $Rev$ $Date$
+ */
+public class SecurityUtil {
+    
+    public static Subject getSubject(Message msg){
+        Subject subject = (Subject)msg.getQoSContext().get(Message.QOS_CTX_SECURITY_SUBJECT);
+        
+        if (subject == null){
+            subject = new Subject(); 
+            msg.getQoSContext().put(Message.QOS_CTX_SECURITY_SUBJECT, subject); 
+        }
+        
+        return subject;
+    }
+    
+    public static <T> T getPrincipal(Subject subject, Class<T> clazz){
+        for (Principal msgPrincipal : subject.getPrincipals() ){
+            if (clazz.isInstance(msgPrincipal)){
+                return clazz.cast(msgPrincipal);
+            }
+        }
+        
+        return null;
+    }
+}
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java
index 14bff2dca6..c4909d6bd8 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java
@@ -31,7 +31,7 @@ import org.apache.tuscany.sca.policy.Policy;
  */
 public class BasicAuthenticationPolicy implements Policy {
     public static final QName BASIC_AUTHENTICATION_POLICY_QNAME = new QName(Constants.SCA10_TUSCANY_NS, "basicAuthentication");
-    public static final String BASIC_AUTHENTICATION_USERNAME = "username";
+    public static final String BASIC_AUTHENTICATION_USERNAME = "userName";
     public static final String BASIC_AUTHENTICATION_PASSWORD = "password";
 
     private String userName;
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java
index 082dfc9fdb..4e605ec2dc 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java
@@ -43,10 +43,6 @@ import org.apache.tuscany.sca.monitor.Monitor;
  */
 public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor<BasicAuthenticationPolicy> {
     
-    private static final String USER_NAME = "userName";
-    private static final String PASSWORD = "password";
-
-    
     public QName getArtifactType() {
         return BasicAuthenticationPolicy.BASIC_AUTHENTICATION_POLICY_QNAME;
     }
@@ -67,9 +63,9 @@ public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor
                     name = reader.getName();
                     if ( name.equals(getArtifactType()) ) {
                         // no attributes at the moment
-                    } else if ( USER_NAME.equals(name.getLocalPart()) ) {
+                    } else if ( BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME.equals(name.getLocalPart()) ) {
                         policy.setUserName(reader.getElementText());
-                    } else if ( PASSWORD.equals(name.getLocalPart()) ) {
+                    } else if ( BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD.equals(name.getLocalPart()) ) {
                         policy.setPassword(reader.getElementText());
                     }
                     break;
@@ -101,7 +97,7 @@ public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor
 
         if ( policy.getUserName() != null ) {
             writer.writeStartElement(prefix, 
-                                     USER_NAME,
+                                     BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME,
                                      getArtifactType().getNamespaceURI());
             writer.writeCharacters(policy.getUserName());
             writer.writeEndElement();
@@ -109,7 +105,7 @@ public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor
         
         if ( policy.getPassword() != null ) {
             writer.writeStartElement(prefix, 
-                                     PASSWORD,
+                                     BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD,
                                      getArtifactType().getNamespaceURI());
             writer.writeCharacters(policy.getPassword());
             writer.writeEndElement();
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java
new file mode 100644
index 0000000000..3ab9cb656d
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+package org.apache.tuscany.sca.policy.authentication.basic;
+
+import java.security.Principal;
+
+
+/**
+ *
+ * @version $Rev$ $Date$
+ */
+public class BasicAuthenticationPrincipal implements Principal {
+
+    private String name;
+    private String password;
+
+    public BasicAuthenticationPrincipal(String name, String password){
+        if (name == null) {
+            throw new IllegalArgumentException("name cannot be null");
+        }
+        
+        this.name = name;
+        this.password = password;
+    }
+    
+    public String getName() {
+        return name;
+    }  
+    
+    public String getPassword() {
+        return password;
+    }
+    
+    @Override
+    public int hashCode() {
+        return name.hashCode();
+    }
+    
+    @Override
+    public String toString() {
+        return name;
+    }
+    
+    
+    @Override
+    public boolean equals(Object principal) {
+        if (principal == null)
+            return false;
+        if (this == principal)
+            return true;
+        if (getClass() != principal.getClass())
+            return false;
+        final BasicAuthenticationPrincipal other = (BasicAuthenticationPrincipal)principal;
+        if (name == null) {
+            if (other.name != null)
+                return false;
+        } else if (!name.equals(other.name)){
+            return false;
+        }
+            
+        return true;
+    }
+   
+}
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java
index 83b1d20e9e..2576fe56ad 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java
@@ -18,11 +18,13 @@
  */
 package org.apache.tuscany.sca.policy.authentication.basic;
 
+import java.security.Principal;
 import java.util.logging.ConsoleHandler;
 import java.util.logging.Handler;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import javax.security.auth.Subject;
 import javax.xml.namespace.QName;
 
 import org.apache.tuscany.sca.assembly.xml.Constants;
@@ -32,15 +34,13 @@ import org.apache.tuscany.sca.invocation.Invoker;
 import org.apache.tuscany.sca.invocation.Message;
 import org.apache.tuscany.sca.policy.Policy;
 import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.SecurityUtil;
 
 /**
- * Policy handler to handle PolicySet related to Logging with the QName
- * {http://tuscany.apache.org/xmlns/sca/1.0/impl/java}LoggingPolicy
  *
  * @version $Rev$ $Date$
  */
 public class BasicAuthenticationReferencePolicyInterceptor implements Interceptor {
-    public static final QName policySetQName = new QName(Constants.SCA10_TUSCANY_NS, "wsBasicAuthentication");
 
     private Invoker next;
     private Operation operation;
@@ -68,11 +68,26 @@ public class BasicAuthenticationReferencePolicyInterceptor implements Intercepto
     }
 
     public Message invoke(Message msg) {
-        // could call out here to some 3rd part system to get credentials
-        msg.getQoSContext().put(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME,
-                                policy.getUserName());
-        msg.getQoSContext().put(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD,
-                                policy.getPassword());
+        
+        // get the security context
+        Subject subject = SecurityUtil.getSubject(msg);
+        BasicAuthenticationPrincipal principal = SecurityUtil.getPrincipal(subject, 
+                                                                           BasicAuthenticationPrincipal.class);
+
+        // if no credentials propogated from the reference then use 
+        // the ones from the policy
+        if (principal == null && 
+            policy.getUserName() != null && 
+            !policy.getUserName().equals("")) {
+            principal = new BasicAuthenticationPrincipal(policy.getUserName(),
+                                                         policy.getPassword());
+            subject.getPrincipals().add(principal);
+        }
+
+        if (principal == null){
+            // alternatively we could call out here to some 3rd party system to get credentials
+            // or convert from some other security principal
+        }
         
         return getNext().invoke(msg);
     }
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java
index 1b8ceb1515..c3591d1a40 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java
@@ -19,6 +19,9 @@
 package org.apache.tuscany.sca.policy.authentication.basic;
 
 
+import java.security.Principal;
+
+import javax.security.auth.Subject;
 import javax.xml.namespace.QName;
 
 import org.apache.tuscany.sca.assembly.xml.Constants;
@@ -27,6 +30,9 @@ import org.apache.tuscany.sca.invocation.Interceptor;
 import org.apache.tuscany.sca.invocation.Invoker;
 import org.apache.tuscany.sca.invocation.Message;
 import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.SecurityUtil;
+
+import com.ibm.security.auth.JAASPrincipal;
 
 /**
  * Policy handler to handle PolicySet related to Logging with the QName
@@ -35,8 +41,6 @@ import org.apache.tuscany.sca.policy.PolicySet;
  * @version $Rev$ $Date$
  */
 public class BasicAuthenticationServicePolicyInterceptor implements Interceptor {
-    public static final QName policySetQName = new QName(Constants.SCA10_TUSCANY_NS, "wsBasicAuthentication");
-
     private Invoker next;
     private Operation operation;
     private PolicySet policySet = null;
@@ -64,16 +68,20 @@ public class BasicAuthenticationServicePolicyInterceptor implements Interceptor
 
     public Message invoke(Message msg) {
         
-        String username = (String)msg.getQoSContext().get(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME);
-        String password = (String)msg.getQoSContext().get(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD);
-        
-        if (username != null) {
+        Subject subject = SecurityUtil.getSubject(msg);
+        BasicAuthenticationPrincipal principal =  SecurityUtil.getPrincipal(subject, 
+                                                                            BasicAuthenticationPrincipal.class);
+
+        if (principal != null){
             
-            System.out.println("Username: " + username + " Password: " + password);
-            // could call out here to some 3rd part system to do whatever you 
-            // need to turn credentials into a principal            
+            System.out.println("Username: " + 
+                               principal.getName() + 
+                               " Password: " + 
+                               principal.getPassword());
             
-            msg.getQoSContext().put(Message.QOS_CTX_SECURITY_PRINCIPAL, username);             
+            // could call out here to some 3rd party system to do whatever you 
+            // need to do do with username and password
+           
         }
     
         return getNext().invoke(msg);
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java
new file mode 100644
index 0000000000..147b863c01
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+package org.apache.tuscany.sca.policy.authentication.token;
+
+import java.security.Principal;
+
+
+/**
+ *
+ * @version $Rev$ $Date$
+ */
+public class TokenPrincipal implements Principal {
+
+    private String name;
+
+    public TokenPrincipal(String name){
+        if (name == null) {
+            throw new IllegalArgumentException("name cannot be null");
+        }
+        
+        this.name = name;
+    }
+    
+    public String getName() {
+        return name;
+    }    
+    
+    @Override
+    public int hashCode() {
+        return name.hashCode();
+    }
+    
+    @Override
+    public String toString() {
+        return name;
+    }
+    
+    
+    @Override
+    public boolean equals(Object principal) {
+        if (principal == null)
+            return false;
+        if (this == principal)
+            return true;
+        if (getClass() != principal.getClass())
+            return false;
+        final TokenPrincipal other = (TokenPrincipal)principal;
+        if (name == null) {
+            if (other.name != null)
+                return false;
+        } else if (!name.equals(other.name)){
+            return false;
+        }
+            
+        return true;
+    }
+   
+}
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java
new file mode 100644
index 0000000000..1559e22cb9
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+
+package org.apache.tuscany.sca.policy.identity;
+
+import java.security.Principal;
+import java.util.List;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+
+import org.apache.tuscany.sca.invocation.Interceptor;
+import org.apache.tuscany.sca.invocation.Invoker;
+import org.apache.tuscany.sca.invocation.Message;
+import org.apache.tuscany.sca.policy.SecurityUtil;
+import org.osoa.sca.ServiceRuntimeException;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class SecurityIdentityImplementationPolicyInterceptor implements Interceptor {
+    private List<SecurityIdentityPolicy> securityIdentityPolicies;
+    private Invoker next;
+
+    public SecurityIdentityImplementationPolicyInterceptor(List<SecurityIdentityPolicy> securityIdentityPolicies) {
+        super();
+        this.securityIdentityPolicies = securityIdentityPolicies;
+    }
+
+    /**
+     * @see org.apache.tuscany.sca.invocation.Interceptor#getNext()
+     */
+    public Invoker getNext() {
+        return next;
+    }
+
+    /**
+     * @see org.apache.tuscany.sca.invocation.Interceptor#setNext(org.apache.tuscany.sca.invocation.Invoker)
+     */
+    public void setNext(Invoker next) {
+        this.next = next;
+    }
+
+    /**
+     * @see org.apache.tuscany.sca.invocation.Invoker#invoke(org.apache.tuscany.sca.invocation.Message)
+     */
+    public Message invoke(Message msg) {
+        try {
+            
+            Subject subject = SecurityUtil.getSubject(msg);
+                
+            // May do some selection here based on runAs settings.
+            // by default though there is nothing to do as the implementation
+            // assumes the callers user credentials
+            
+
+        } catch (Exception e) {
+            throw new ServiceRuntimeException(e);
+        }
+        return getNext().invoke(msg);
+    }
+
+}
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java
new file mode 100644
index 0000000000..aa52e0bc41
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+package org.apache.tuscany.sca.policy.identity;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.tuscany.sca.assembly.ConfiguredOperation;
+import org.apache.tuscany.sca.assembly.Implementation;
+import org.apache.tuscany.sca.assembly.OperationsConfigurator;
+import org.apache.tuscany.sca.interfacedef.Operation;
+import org.apache.tuscany.sca.invocation.Interceptor;
+import org.apache.tuscany.sca.invocation.Phase;
+import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.provider.PolicyProvider;
+import org.apache.tuscany.sca.runtime.RuntimeComponent;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class SecurityIdentityImplementationPolicyProvider implements PolicyProvider {
+    private RuntimeComponent component;
+    private Implementation implementation;
+
+    public SecurityIdentityImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) {
+        super();
+        this.component = component;
+        this.implementation = implementation;
+    }
+
+    private List<SecurityIdentityPolicy> findPolicies(Operation op) {
+        List<SecurityIdentityPolicy> polices = new ArrayList<SecurityIdentityPolicy>();
+        // FIXME: How do we get a list of effective policySets for a given operation?
+        if (implementation instanceof OperationsConfigurator) {
+            OperationsConfigurator operationsConfigurator = (OperationsConfigurator)implementation;
+            for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) {
+                if (cop.getName().equals(op.getName())) {
+                    for (PolicySet ps : cop.getPolicySets()) {
+                        for (Object p : ps.getPolicies()) {
+                            if (SecurityIdentityPolicy.class.isInstance(p)) {
+                                polices.add((SecurityIdentityPolicy)p);
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        
+        List<PolicySet> policySets = component.getPolicySets();
+        for (PolicySet ps : policySets) {
+            for (Object p : ps.getPolicies()) {
+                if (SecurityIdentityPolicy.class.isInstance(p)) {
+                    polices.add((SecurityIdentityPolicy)p);
+                }
+            }
+        }
+        return polices;
+    }
+
+    public Interceptor createInterceptor(Operation operation) {
+        List<SecurityIdentityPolicy> policies = findPolicies(operation);
+        if (policies == null || policies.isEmpty()) {
+            return null;
+        } else {
+            return new SecurityIdentityImplementationPolicyInterceptor(findPolicies(operation));
+        }
+    }
+
+    public String getPhase() {
+        return Phase.IMPLEMENTATION_POLICY;
+    }
+}
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java
new file mode 100644
index 0000000000..a20f314a2a
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+
+package org.apache.tuscany.sca.policy.identity;
+
+import org.apache.tuscany.sca.assembly.Binding;
+import org.apache.tuscany.sca.assembly.Implementation;
+import org.apache.tuscany.sca.core.ExtensionPointRegistry;
+import org.apache.tuscany.sca.provider.PolicyProvider;
+import org.apache.tuscany.sca.provider.PolicyProviderFactory;
+import org.apache.tuscany.sca.runtime.RuntimeComponent;
+import org.apache.tuscany.sca.runtime.RuntimeComponentReference;
+import org.apache.tuscany.sca.runtime.RuntimeComponentService;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class SecurityIdentityPolicyProviderFactory implements PolicyProviderFactory<SecurityIdentityPolicy> {
+    private ExtensionPointRegistry registry;
+    
+    public SecurityIdentityPolicyProviderFactory(ExtensionPointRegistry registry) {
+        super();
+        this.registry = registry;
+    }
+
+    /**
+     * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createImplementationPolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.assembly.Implementation)
+     */
+    public PolicyProvider createImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) {
+        return new SecurityIdentityImplementationPolicyProvider(component, implementation);
+    }
+
+    /**
+     * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createReferencePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentReference, org.apache.tuscany.sca.assembly.Binding)
+     */
+    public PolicyProvider createReferencePolicyProvider(RuntimeComponent component,
+                                                        RuntimeComponentReference reference,
+                                                        Binding binding) {
+        return null; 
+    }
+
+    /**
+     * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createServicePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentService, org.apache.tuscany.sca.assembly.Binding)
+     */
+    public PolicyProvider createServicePolicyProvider(RuntimeComponent component,
+                                                      RuntimeComponentService service,
+                                                      Binding binding) {
+        return null; 
+    }
+
+    /**
+     * @see org.apache.tuscany.sca.provider.ProviderFactory#getModelType()
+     */
+    public Class getModelType() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+}
diff --git a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
index 3a514e6088..bf8e4d11b4 100644
--- a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
+++ b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
@@ -1,26 +1,27 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-# 
-#   http://www.apache.org/licenses/LICENSE-2.0
-# 
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License. 
-
-# Implementation class for the artifact processor extension
-org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#authorization,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
-org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#allow,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
-org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#permitAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
-org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#denyAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
-org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
-org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#runAs,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
-org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#jaasAuthentication,model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy
-org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#basicAuthentication,model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy
+# Licensed to the Apache Software Foundation (ASF) under one

+# or more contributor license agreements.  See the NOTICE file

+# distributed with this work for additional information

+# regarding copyright ownership.  The ASF licenses this file

+# to you under the Apache License, Version 2.0 (the

+# "License"); you may not use this file except in compliance

+# with the License.  You may obtain a copy of the License at

+# 

+#   http://www.apache.org/licenses/LICENSE-2.0

+# 

+# Unless required by applicable law or agreed to in writing,

+# software distributed under the License is distributed on an

+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

+# KIND, either express or implied.  See the License for the

+# specific language governing permissions and limitations

+# under the License. 

+

+# Implementation class for the artifact processor extension

+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#authorization,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy

+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#allow,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy

+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#permitAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy

+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#denyAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy

+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#runAs,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy

+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy

+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy

+org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#jaasAuthentication,model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy

+org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#basicAuthentication,model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy

diff --git a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory
index 95263b8836..0363fbd981 100644
--- a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory
+++ b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory
@@ -18,3 +18,4 @@
 # Implementation class for the policy extension

 org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProviderFactory;model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy

 org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProviderFactory;model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy

+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProviderFactory;model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy

diff --git a/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml b/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml
index f5b79af7ee..afd04a3444 100644
--- a/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml
+++ b/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml
@@ -20,6 +20,10 @@
 <definitions xmlns="http://www.osoa.org/xmlns/sca/1.0" targetNamespace="http://tuscany.apache.org/xmlns/sca/1.0"
     xmlns:sca="http://www.osoa.org/xmlns/sca/1.0" xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0">
 
+    <intent name="identity" constrains="sca:implementation.java">
+        <description>All invocations are must have an identity set</description>
+    </intent>
+
     <intent name="jaasAuthentication" constrains="sca:implementation.java">
         <description>All invocations to be authenticated</description>
     </intent>
diff --git a/java/sca/modules/pom.xml b/java/sca/modules/pom.xml
index a664d3a72f..2077298a97 100644
--- a/java/sca/modules/pom.xml
+++ b/java/sca/modules/pom.xml
@@ -61,6 +61,7 @@
                 <module>binding-http-runtime</module>
                 <module>binding-jms</module>
                 <module>binding-jms-runtime</module>
+                <module>binding-jms-policy</module>
                 <module>binding-jsonrpc</module>
                 <module>binding-jsonrpc-runtime</module>
                 <module>binding-notification</module>
@@ -170,7 +171,7 @@
                 <module>policy-logging</module>
                 <module>policy-security</module>
                 <module>policy-security-jsr250</module>
-                <module>policy-security-ws</module>
+                <!--module>policy-security-ws</module-->
                 <module>policy-transaction</module>
                 <module>runtime</module>
                 <module>runtime-tomcat</module>