WS-Policy

WS-Policy is a specification that allows web services to use XML to advertise their policies (on security, quality of service, etc.) and for web service consumers to specify their policy requirements. WS-Policy is a W3C recommendation as of September 2007. WS-Policy represents a set of specifications that describe the capabilities and constraints of the security (and other business) policies on intermediaries and end points (for example, required security tokens, supported encryption algorithms, and privacy rules) and how to associate policies with services and end points.

• To integrate software systems with web services
• Need a way to express web services characteristics
• Without this standard, developers need docs
• Provides a flexible and extensible grammar for expressing the capabilities, requirements, and general characteristics of Web Service entities
• Defines a model to express these properties as policies
• Provide the mechanisms needed to enable Web Services applications to specify policies

WS-Policy specifies:

• An XML-based structure called a policy expression containing policy information
• Grammar elements to indicate how the contained policy assertions apply

Terminology:

• Policy: refers to the set of information being expressed as policy assertions
• Policy Assertion: represents an individual preference, requirement, capability, etc.
• Policy Expression: set of one or more policy assertions
• Policy Subject: an entity to which a policy expression can be bound

Policy Namespaces:

• WS-Policy schema defines all constructs that can used in a policy expression

Prefix	Description	Namespace
wsp	WS-Policy, WS-PolicyAssertions, and WS_PolicyAttachment	http://schemas.xmlsoap.org/ws/2002/12/policy
wsse	WS-SecurityPolicy	http://schemas.xmlsoap.org/ws/2002/12/secext
wsu	WS utility schema	http://schemas.xmlsoap.org/ws/2002/07/utility
msp	WSE 2.0 policy schema	http://schemas.microsoft.com/wse/2003/06/policy