Security Policy Association
The Security Policy Association shared configuration resource associates a Security Policy with a particular Service operation or SOAP resource in your project. This allows you to specify security policies for inbound or outbound SOAP messages on a per-operation or per-activity basis.
When a security policy is attached to a resource that receives SOAP messages (for example, SOAP Event Source, or the reply message of a SOAP Request Reply activity), the associated security policy is used for the incoming message. For example, if authentication is specified in the security policy, then the identity of the sender of incoming messages is checked against a list of trusted identities.
When a security policy is attached to a resource that sends SOAP messages (for example, SOAP Request Reply , SOAP Send Fault, or SOAP Send Reply), the security the associated security policy is used for the outgoing message. For example, if encryption is specified in the security policy, the outgoing message is encrypted before it is sent.