The problem of handling multiple headers in WS-Security implementations