Ashutosh Shahi reports:
1. Can not change the WSSAssertion. It comes up as Wss10 for some profiles and
Wss11 for others, and there is no option to configure it. For example, for
"Mutual Certificates Security", it is set to Wss10. Now, If I want to set
RequireSignatureConfirmation for this profile, I can't as it is supported only
for Wss11. RequireSignatureConfirmation is not displayed in list of configurable
options. 

I am using glassfish build 33, netbeans daily build of Jan 31st, wsitm03
netbeans module of Feb 7th.

I think, #1 should definitely be filed as an RFE; Kumar can you confirm this?

Yes. In my profiles document, for some profiles like the first one (UsernameAuth
with SymmetricKeys..) i fixed the WSS version to 1.1 inorder to take advantage
of EKSHA1. That way the developer need not possess his own certificate to able
to securely communicate with the service.

For many of the other profiles, i  believe i have put the version as 
WSS1.0/WSS1.1 : indicating that either versions should be usable.  I believe
martin's counter argument for this has been does the  developer really care
whether it is 1.1 or 1.0.... The answer is no, but there are certain intricacies
such as RequrieSignatureConfirmation, when someone enables this the WSS version
should automatically be set to WSS 1.1 (since the default version for
WS-SecurityPolicy is WSS 1.0, so NB should generate an explicit WSS assertion in
this case). If such things are taken care things might still be ok.

But in general some developer may say i want WSS 1.1 or that i want WSS 1.0
because the other party does not support WSS 1.1. So the UI should allow such
flexibility where possible.