From the specification:
“The mechanisms defined in WS-Security provide the basic mechanisms on top of which secure messaging can be defined. This specification defines extensions to allow security context establishment and sharing, session key derivation.
The WS-Security specification focuses on the message authentication model. This approach, while useful in many situations, is subject to several forms of attack. Accordingly, this specification introduces a security context and its usage. The context authentication model authenticates a series of messages thereby addressing these shortcomings, but requires additional communications if authentication happens prior to normal application exchanges.
To implement these models (described below) we introduce new headers and SOAP extensions.
Compliant services are NOT REQUIRED to implement everything defined in this specification. However, if a service implements an aspect of the specification, it MUST comply with the requirements specified (e.g. related "MUST" statements).”