Section 7.11.3 of the ebMS Core Spec includes a recommendation how to prevent replay attacks on pull requests. This is based on At-Most-Once reliability and use of WSS.

Shouldn't AS4 also include such a recommendation based on the options specified for authentication and authorization of the PullRequest?