WS-Policy is a specification that allows
web services
A web service (WS) is either:
* a service offered by an electronic device to another electronic device, communicating with each other via the Internet, or
* a server running on a computer device, listening for requests at a particular port over a n ...
to use XML to advertise their policies (on
security
Security is protection from, or resilience against, potential harm (or other unwanted coercion). Beneficiaries (technically referents) of security may be persons and social groups, objects and institutions, ecosystems, or any other entity or ...
,
quality of service
Quality of service (QoS) is the description or measurement of the overall performance of a service, such as a telephony or computer network, or a cloud computing service, particularly the performance seen by the users of the network. To quantitat ...
, etc.) and for web service consumers to specify their policy requirements.
WS-Policy is a
W3C
The World Wide Web Consortium (W3C) is the main international standards organization for the World Wide Web. Founded in 1994 by Tim Berners-Lee, the consortium is made up of member organizations that maintain full-time staff working together in ...
recommendation as of September 2007.
WS-Policy represents a set of specifications that describe the capabilities and constraints of the security (and other business) policies on intermediaries and end points (for example, required security tokens, supported encryption algorithms, and privacy rules) and how to associate policies with services and end points.
Policy Assertion
Assertions can either be requirements put upon a web service or an advertisement for the policies of a web service.
Operator tags
Two "operators" (XML tags) are used to make statements about policy combinations:
*''wsp:ExactlyOne'' - asserts that only one child node must be satisfied.
*''wsp:All'' - asserts that all child nodes must be satisfied.
Logically, an empty ''wsp:All'' tag makes no assertions.
Policy Intersection
If both provider and consumer specify a policy, an effective policy will be computed, which usually consists of the intersection of both policies. The new policy contains those assertions made by both sides which do not contradict each other. However, synonymous assertions are considered incompatible by a policy intersection. This can easily be explained by the fact that policy intersection is a syntactic approach, which does not incorporate the semantics of the assertions. Furthermore, it ignores the assertion parameters.
Opposed to what the name might suggest, a policy intersection is (although quite similar) not a set-intersection.
Associated specifications
WS-Policy - Attachmentspecifies how to add policies to WSDL and UDDI.
*
WS-SecurityPolicy WS-Security Policy is a web services specification, created by IBM and 12 co-authors, that has become an OASIS
In ecology, an oasis (; : oases ) is a fertile area of a desert or semi-desert environment[WS-Security
Web Services Security (WS-Security, WSS) is an extension to SOAP to apply security to Web services. It is a member of the Web service specifications and was published by OASIS.
The protocol specifies how integrity and confidentiality can be enf ...]
,
WS-Trust
WS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker ...
and
WS-SecureConversation.
*
WS-Policy4MASC specifies management policies for Web services and their compositions.
External links
*The lates
Web Services Policy - Frameworkrecommendation at W3C
*The lates
Web Services Policy - Primerintroduction at W3C
*Th
Web Services Policy Working Grouppage at W3C
WS-Policy specification
Policy
Policy is a deliberate system of guidelines to guide decisions and achieve rational outcomes. A policy is a statement of intent and is implemented as a procedure or protocol. Policies are generally adopted by a governance body within an or ...
XML-based standards
Policy