Note
Only element descriptions are provided in this section. Concepts relating to WS-Policy are covered in Chapter 7.
The WS-Policy framework establishes a means of expressing service metadata beyond the WSDL definition. Specifically, it allows services to communicate rules and preferences in relation to security, processing, or message content. Policies can be applied to a variety of Web resources, positioning this specification as another fundamental part of the WS-* extensions discussed in this chapter (Figure 17.3).
Figure 17.3. How WS-Policy relates to the other WS-* specifications discussed in this chapter.
The WS-Policy framework is comprised of the following three specifications:
These collectively provide the following elements covered in this section, which demonstrate how policies are formulated and attached to element or document-level subjects:
17.3.1. The Policy element and common policy assertions
The Policy element establishes the root construct used to contain the various policy assertions that comprise the policy. The WS-PolicyAssertions specification supplies the following set of common, predefined assertion elements:
These elements represent assertions that can be used to structure basic policies around common requirements. Policy assertions also can be customized, and other WS-* specifications may provide supplemental assertions.
Each assertion can indicate whether its use is required or not via the value assigned to its Usage attribute. A value of "Required" indicates that its conditions must be met. Additionally, the use of the Preference attribute allows an assertion to communicate its importance in comparison to other assertions of the same type.
Examples of policy assertions are provided in the subsequent sections.
17.3.2. The ExactlyOne element
This construct surrounds multiple policy assertions and indicates that there is a choice between them, but that one must be chosen.
17.3.3. The All element
The All construct introduces a rule that states that all of the policy assertions within the construct must be met. This element can be combined with the ExactlyOne element, where collections of policy assertions can each be grouped into All constructs that are then further grouped into a parent ExactlyOne construct. This indicates that the policy is offering a choice of assertions groups but that the assertions in any one of the alternative All groups must be met.
17.3.4. The Usage attribute
As you've seen in the previous examples, a number of WS-Policy assertion elements contain a Usage attribute to indicate whether a given policy assertion is required. This attribute is a key part of the WS-Policy framework as its values form part of the overall policy rules. The Usage attribute actually has a number of settings worth knowing about, as shown in Table 17.4.
Attribute Value |
Description |
---|---|
Required |
The assertion requirements must be met, or an error will be generated. |
Optional |
The assertion requirements may be met, but an error will not be generated if they are not met. |
Rejected |
The assertion is unsupported. |
Observed |
The assertion applies to all policy subjects. |
Ignored |
The assertion will intentionally be ignored. |
17.3.5. The Preference attribute
Policy assertions can be ranked in order of preference using this attribute. This is especially relevant if a service provider is flexible enough to provide multiple policy alternatives to potential service requestors.
The Preference attribute is assigned an integer value. The higher this value, the more preferred the assertion. When this attribute is not used, a default value of "0" is assigned to the policy assertion.
17.3.6. The PolicyReference element
So far we've only been discussing the creation of policy documents. However, we have not yet established how policies are associated with the subjects to which they apply. The PolicyReference element is one way to simply link an element with one or more policies. Each PolicyReference element contains a URI attribute that points to one policy document or a specific policy assertion within the document. (The ID attribute of the policy or grouping construct is referenced via the value displayed after the "#" symbol.)
If multiple PolicyReference elements are used within the same element, the policy documents are merged at runtime.
Note
PolicyReference elements can reside within the Policy construct, allowing for the creation of reusable policy modules.
17.3.7. The PolicyURIs attribute
Alternatively, the PolicyURIs attribute also can be used to link to one or more policy documents. The attribute is added to an element and can be assigned multiple policy locations. As with PolicyReference, these policies are then merged at runtime.
17.3.8. The PolicyAttachment element
Another way of associating a policy with a subject is through the use of the PolicyAttachment construct. The approach taken here is that the child AppliesTo construct is positioned as the parent of the subject elements. The familiar PolicyReference element then follows the AppliesTo construct to identify the policy assertions that will be used.
17.3.9. Additional types of policy assertions
It is important to note that policy assertions can be utilized and customized beyond the conventional manner in which they are displayed in the preceding examples.
For example:
SUMMARY OF KEY POINTS |
---|
|
Introduction
Case Studies
Part I: SOA and Web Services Fundamentals
Introducing SOA
The Evolution of SOA
Web Services and Primitive SOA
Part II: SOA and WS-* Extensions
Web Services and Contemporary SOA (Part I: Activity Management and Composition)
Web Services and Contemporary SOA (Part II: Advanced Messaging, Metadata, and Security)
Part III: SOA and Service-Orientation
Principles of Service-Orientation
Service Layers
Part IV: Building SOA (Planning and Analysis)
SOA Delivery Strategies
Service-Oriented Analysis (Part I: Introduction)
Service-Oriented Analysis (Part II: Service Modeling)
Part V: Building SOA (Technology and Design)
Service-Oriented Design (Part I: Introduction)
Service-Oriented Design (Part II: SOA Composition Guidelines)
Service-Oriented Design (Part III: Service Design)
Service-Oriented Design (Part IV: Business Process Design)
Fundamental WS-* Extensions
SOA Platforms
Appendix A. Case Studies: Conclusion