Yes. I am still working on this problem as well, this is what our great support person (Flora Huang) told me.
1. Create a soap policy from the wsdl
2. Create another rest policy that calls the soap policy on localhost
3. Add the ws security stuff to the soap policy
4. Perhaps lock down the soap policy by only accepting a localhost source
I'm still having trouble with the signature but the rest seems to be working.