OK, I could see that we could add a detail
under TransportSecurity element, even if MSG decides to
drop discussion of any HTTP auth. mechanism.
Is there a standardized way of referring to
different HTTP auth mechanisms that we could reuse
(like a URI, OID or whatever...)?
Tim C., can be add this under your CPPA-MSG security
outline around item 2.3 (version 1.1 mutual authentication)