Two nits, one general comment. - Von Section 3.2.1: I find it odd that while for message-level security encryption is mandated, it's not for TLS (as I read the BSP-1.0 document, it's optional). Is this intentional or is encryption assumed with TLS? General comment: In part the above comment comes from the fact that the document doesn't clarify what a "secure channel" is. At the architectural level, what does the use of this profile provide? It seems to be the intention that it is a channel has authentication, privacy and integrity attributes, but that is only implied. R0312, R0313, R0314, R0315, R0316: "When using Message Level Security..." This phrase seems confusing since many of the instances discussed don't actually occur at the time messages are being sent. I would suggest "In order to support Message Level Security..."