Download - Introduction To WS-Policy
Introduction to WS-Policy
by H. Fırat GüvenceWeb Service Policy
Outline
• What is WS?
• What is WS-Policy?
• Why is WS-Policy needed?
• Conceptual Placement in WS
• Technical Specification
• Vendors / Tools
• Conclusion
• Q & A
What is WS (Web Service)?
• XML
▫ SOAP
XML formatted message in order to exchange information among applications or services.
▫ WSDL
SOAP is a protocol in order to exchange information through defined services by WSDL
currently the most common language for describing the 'how' and 'where' a Web service exchanges messages
• Web services are being successfully used for interoperable solutions across various industries
WS-Policy
• Extends SOAP, XML Schema, WSDL and offer mechanisms to represent the capabilities and requirements of Web services as Policies
▫ representing whether and how a message must be secured
▫ whether and how a message must be delivered reliably
▫ whether a message must flow a transaction, etc
Why?
• Provider/Requester Security
• SOAP Data Optimization
• Header element
▫ Word of mouth?
▫ Documentation?
▫ WSDL?
• Automated tools will evaluate WSDL and generate policy-aware client and engages the WS in the way of how the WS wants.
Conceptual Placement in WS
• In WSDL and SOAP
• It can be thought of as choice of wire(s) how they may speak to each other for security, optimization, transaction.
Technical Specifications
• Simple Language
▫ Four elements
Policy
All
ExactlyOne
PolicyReference
▫ One attribute
wsp:Optional
Technical Specifications cont’d
• Cenk(Web service developer) is building a client application that retrieves real time stock quote information from IMKB.
• IMKB supplies real time data using Web services.
Technical Specifications cont’d<soap:Envelope>
<soap:Header>
<wsa:To>http://stock.contoso.com/realquote</wsa:To>
<wsa:Action>http://stock.contoso.com/GetRealQuote</wsa:Action>
</soap:Header>
<soap:Body>...</soap:Body>
</soap:Envelope>
<Policy>
<wsap:UsingAddressing />
</Policy>
policy assertion
Technical Specifications cont’d
<soap:Envelope><soap:Header><wss:Security soap:mustUnderstand="1" ><wsu:Timestamp u:Id="_0"><wsu:Created>2006-01-19T02:49:53.914Z</u:Created><wsu:Expires>2006-01-19T02:54:53.914Z</u:Expires>
</wsu:Timestamp></wss:Security><wsa:To>http://real.contoso.com/quote</wsa:To><wsa:Action>http://real.contoso.com/GetRealQuote</wsa:Action>
</soap:Header><soap:Body>...</soap:Body>
</soap:Envelope>
<Policy>
<wsap:UsingAddressing />
<sp:TransportBinding>...</sp:TransportBinding>
</Policy>
Technical Specifications cont’d
• Assertion
▫ A piece of service metadata
▫ Identifies a domain specific behavior (requirement)
Web Services Security Policy
Web Services Reliable Messaging Policy
And so forth
Technical Specifications cont’d
• Assertion con’d
▫ 3 policy operators for combining policy assertions:
Policy
All and
ExactlyOne
▫ Policy operator is a synonym for All
<All>
<wsap:UsingAddressing />
<sp:TransportBinding>...</sp:TransportBinding>
</All>
Technical Specifications cont’d
• Assertion con’d<All>
<wsap:UsingAddressing />
<sp:TransportBinding>...</sp:TransportBinding>
</All>
<ExactlyOne>
<sp:TransportBinding>...</sp:TransportBinding>
<sp:AsymmetricBinding>...</sp:AsymmetricBinding >
</ExactlyOne>
<All>
<wsap:UsingAddressing />
<ExactlyOne>
<sp:TransportBinding>...</sp:TransportBinding>
<sp:AsymmetricBinding>...</sp:AsymmetricBinding >
</ExactlyOne>
</All>
Technical Specifications cont’d
• Assertion con’d<All>
<mtom:OptimizedMimeSerialization wsp:Optional=”true”/>
<wsap:UsingAddressing />
<ExactlyOne>
<sp:TransportBinding>...</sp:TransportBinding>
<sp:AsymmetricBinding>...</sp:AsymmetricBinding >
</ExactlyOne>
</All>
Technical Specifications cont’d
▫ References, naming policies
<Policy wsu:Id=”common”>
<mtom:OptimizedMimeSerialization wsp:Optional=”true”/>
<wsap:UsingAddressing />
</Policy>
…
<PolicyReference URI=”#common”/>
Technical Specifications cont’d
▫ Attaching to WSDL
<wsdl:binding name="SecureBinding“ type="tns:RealTimeDataInterface" >
<PolicyReference URI="#secure" />
<wsdl:operation name="GetRealQuote" >…</wsdl:operation>
…
</wsdl:binding>
Vendors / Tools
• Apache Foundation, Axis2/Javahttp://ws.apache.org/axis2/1_2/WS_policy.html
• Java demo based on CXF WS-Policy framework in Apache CXF http://www.java2s.com/Code/Java/Web-Services-SOA/ThisdemoshowshowtheCXFWSPolicyframeworkinApacheCXFusesWSDL11PolicyattachmentstoenabletheuseofWSAddressing.htm
• Microsoft is already supporting WS-* technologieshttp://msdn.microsoft.com/en-us/library/ms996940.aspx
Conclusion
• Simple language
• Providers represent capabilities and requirements
• Policy-aware tools understand policy expressions and engage behaviors automatically
• Hides complexity
• Automates Web service interactions
• Enables secure, reliable and transacted Web services
• Need for new policies! Open and new software market for policies !
Q & A
• ?
References
• http://msdn.microsoft.com/en-us/library/ms996497.aspx
• Introduction to SOAP, 2009, H. Firat Guvence
• Specs http://www.w3.org/Submission/WS-Policy/