Again: encryption is not authentication. Receiving an encrypted request does not tell the server who sent the request. Assuming that by "asymmetric binding" you actually mean "asymmetric encryption" - that only relies on the client having got hold of the service's public key. From that, you can't infer who the client is.
You seem to be reluctant to use both encryption and authentication in the same request despite apparently needing to do that; why is that?
For an example of how to use encryption with Axis2/Rampart, see this article I wrote some time ago:
http://www.javaranch.com/journal/2008/10/web-service-security-encryption-axis2.html