...nevermind. All ready found what I was looking for.
All this is done in the admin console:
1. Go to Services -->Policy sets and copy the Username WSSecurity default policy set and give the copy your own name
2. In your policy set add WS-Security policy (I didn't add any other policies)
3. On the main policy page, uncheck all the check boxes you can also remove the information in the request/response message part protection
4. Go to Service providers and click on your service export ( you'd go to service clients if it was an import)
5. Select the service and attach your previously created policy set
6. Click on assign binding and create a new binding
7. Add the WS-Security Policy (should be the only one available)
8. On the authentication and protection page click on the request:token-auth link and save it even if you don't make changes and it should show status configured
9. You may have to restart the server,or at least the application.
(
http://www.ibm.com/developerworks/forums/thread.jspa?threadID=272559)