Introduction To WS-Policy

Introduction to WS-Policy

by H. Fırat GüvenceWeb Service Policy

Outline

• What is WS?

• What is WS-Policy?

• Why is WS-Policy needed?

• Conceptual Placement in WS

• Technical Specification

• Vendors / Tools

• Conclusion

• Q & A

What is WS (Web Service)?

• XML

▫ SOAP

XML formatted message in order to exchange information among applications or services.

▫ WSDL

SOAP is a protocol in order to exchange information through defined services by WSDL

currently the most common language for describing the 'how' and 'where' a Web service exchanges messages

• Web services are being successfully used for interoperable solutions across various industries

WS-Policy

• Extends SOAP, XML Schema, WSDL and offer mechanisms to represent the capabilities and requirements of Web services as Policies

▫ representing whether and how a message must be secured

▫ whether and how a message must be delivered reliably

▫ whether a message must flow a transaction, etc

Why?

• Provider/Requester Security

• SOAP Data Optimization

• Header element

▫ Word of mouth?

▫ Documentation?

▫ WSDL?

• Automated tools will evaluate WSDL and generate policy-aware client and engages the WS in the way of how the WS wants.

Conceptual Placement in WS

• In WSDL and SOAP

• It can be thought of as choice of wire(s) how they may speak to each other for security, optimization, transaction.

Technical Specifications

• Simple Language

▫ Four elements

Policy

All

ExactlyOne

PolicyReference

▫ One attribute

wsp:Optional

Technical Specifications cont’d

• Cenk(Web service developer) is building a client application that retrieves real time stock quote information from IMKB.

• IMKB supplies real time data using Web services.

Technical Specifications cont’d<soap:Envelope>

<soap:Header>

<wsa:To>http://stock.contoso.com/realquote</wsa:To>

<wsa:Action>http://stock.contoso.com/GetRealQuote</wsa:Action>

</soap:Header>

<soap:Body>...</soap:Body>

</soap:Envelope>

<Policy>

<wsap:UsingAddressing />

</Policy>

policy assertion


<soap:Envelope><soap:Header><wss:Security soap:mustUnderstand="1" ><wsu:Timestamp u:Id="_0"><wsu:Created>2006-01-19T02:49:53.914Z</u:Created><wsu:Expires>2006-01-19T02:54:53.914Z</u:Expires>

</wsu:Timestamp></wss:Security><wsa:To>http://real.contoso.com/quote</wsa:To><wsa:Action>http://real.contoso.com/GetRealQuote</wsa:Action>

</soap:Header><soap:Body>...</soap:Body>

</soap:Envelope>

<Policy>


<sp:TransportBinding>...</sp:TransportBinding>

</Policy>


• Assertion

▫ A piece of service metadata

▫ Identifies a domain specific behavior (requirement)

Web Services Security Policy

Web Services Reliable Messaging Policy

And so forth


• Assertion con’d

▫ 3 policy operators for combining policy assertions:

Policy

All and

ExactlyOne

▫ Policy operator is a synonym for All

<All>



</All>


• Assertion con’d<All>



</All>

<ExactlyOne>


<sp:AsymmetricBinding>...</sp:AsymmetricBinding >

</ExactlyOne>

<All>


<ExactlyOne>



</ExactlyOne>

</All>


• Assertion con’d<All>

<mtom:OptimizedMimeSerialization wsp:Optional=”true”/>


<ExactlyOne>



</ExactlyOne>

</All>


▫ References, naming policies

<Policy wsu:Id=”common”>

<mtom:OptimizedMimeSerialization wsp:Optional=”true”/>


</Policy>

…

<PolicyReference URI=”#common”/>


▫ Attaching to WSDL

<wsdl:binding name="SecureBinding“ type="tns:RealTimeDataInterface" >

<PolicyReference URI="#secure" />

<wsdl:operation name="GetRealQuote" >…</wsdl:operation>

…

</wsdl:binding>

Vendors / Tools

• Apache Foundation, Axis2/Javahttp://ws.apache.org/axis2/1_2/WS_policy.html

• Java demo based on CXF WS-Policy framework in Apache CXF http://www.java2s.com/Code/Java/Web-Services-SOA/ThisdemoshowshowtheCXFWSPolicyframeworkinApacheCXFusesWSDL11PolicyattachmentstoenabletheuseofWSAddressing.htm

• Microsoft is already supporting WS-* technologieshttp://msdn.microsoft.com/en-us/library/ms996940.aspx

http://ws.apache.org/axis2/1_2/WS_policy.html

http://www.java2s.com/Code/Java/Web-Services-SOA/ThisdemoshowshowtheCXFWSPolicyframeworkinApacheCXFusesWSDL11PolicyattachmentstoenabletheuseofWSAddressing.htm







http://msdn.microsoft.com/en-us/library/ms996940.aspx



Conclusion

• Simple language

• Providers represent capabilities and requirements

• Policy-aware tools understand policy expressions and engage behaviors automatically

• Hides complexity

• Automates Web service interactions

• Enables secure, reliable and transacted Web services

• Need for new policies! Open and new software market for policies !

Q & A

• ?

Thank You

• H. Fırat Güvence

▫ [email protected]

mailto:[email protected]

References

• http://msdn.microsoft.com/en-us/library/ms996497.aspx

• Introduction to SOAP, 2009, H. Firat Guvence

• Specs http://www.w3.org/Submission/WS-Policy/




http://www.w3.org/Submission/WS-Policy/



Technology

Introduction To WS-Policy