WS-Policy

Document:

Web Services Policy 1.5 - Framework and

Web Services Policy 1.5 - Attachment

Purpose:

To define a way to express Quality-of-Service requirements and capabilities, as needed at design time or run time.

The following example (from a previous version of Web Services Policy Framework) expresses a security requirement for requesters of a service.

 <wsp:Policy    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" >    <wsp:ExactlyOne>       <sp:Basic256Rsa15 />       <sp:TripleDesRsa15 />    </wsp:ExactlyOne> </wsp:Policy> 

The ExactlyOne element indicates that a requester must use one of two security algorithms (Basic256Rsa15 or TripleDesRsa15).

As suggested by the example, WS-Policy provides an XML vocabulary and a way to embed that vocabulary in WSDL, UDDI, and other XML-based definitions. However, WS-Policy does not define the meaning of each policy assertion, which is content (such as Basic256Rsa15) that expresses a requirement or capability. A policy assertion is defined in one or another domain, which is an area of concern such as security, reliability, or transaction control. Many policy assertions are defined in other WS-* specifications.

The main purposes of the WS-Policy vocabulary and the embedded policy assertions are as follows:

• To express what behavior a service expects or prefers from a service requester, beyond the data that fulfills a service interface. A service might require a particular kind of authentication or encryption, for example.

• To express what capability is provided by a service, beyond the data that is returned to a requester. A service might guarantee availability during certain hours of the day, for example.

For further details, see Web Services Policy 1.5 - Primer.

Sponsor:

W3C

Link:

http://www.w3.org/2002/ws/policy/#drafts