A few items we must document for WS-AT:
1. SSL/https usage for WS-AT is disabled by default and can be enabled by setting -Dwsat.ssl.enabled=true
2. Logging and recovery for WS-AT are enabled by default and can be disabled by setting -Dwsat.recovery.enabled=false
3. If a server contains no web service deployments and does contain a WS-AT enabled client, WS-AT endpoints must be deployed manually
4. Due to JDK bug http://monaco.sfbay.sun.com/detail.jsf?cr=6672144 it is necessary set -Dhttp.keepAlive=false when both client and web service are located in the same server.