I'm new to the subject WebServices security. Various tutorials mention that a SOAP message can carry username/password, using the tags < wsse:Username > , < wsse assword >.
I was wondering if the standard would allow me to send a group (or role), *instead* of username/password ? I am going through an SSO system, so I don't need the password anymore (my systems trust each other). But I would like to send the user role, something like: