Web Service Security, more commonly refered as just WS-Security, is used to secure SOAP messages. For example, let's say a SOAP message is being exchanged between a dmgr and application server. WS-Security will secure the message.
By default, WebSphere includes a few WS-Security policies. In the left panel of the WebSphere web console, expand Services > Policy sets, and select Application policy sets, and the policies that contain WS-Security will be displayed.
A web service application, such as a JAX-WS or JAX-RS application, can be configured to use an application policy set. Expand Applications > Application Types, and select WebSphere enterprise applications. In the Web Services Properties section, select Service client policy sets and bindings. If the Service client policy sets and bindings option is not displayed, this suggests that the application is not a JAX-WS or JAX-RS application.
In Service client policy sets and binding, select Attach Client Policy Set, and select a policy.