Managing qualities of service for Web services and clients using policy sets
You can use policy sets to simplify configuring the qualities of service for Web services and clients. Policy sets are assertions about how Web services are defined. Using policy sets, you can combine configurations for different policies. You can use policy sets with JAX-WS applications, but not with JAX-RPC applications.
A policy set is identified by a unique name. An instance of a policy set consists of a collection of policy types. An empty policy set has no policy instance defined in it.
You can use the policy sets that are included with this product to simplify configuring the qualities of service for your Web services and clients. For example, the Reliable Secure Profile (RSP) default policy set consists of instances of the WS-SecureConversation and WS-Securitypolicy types. For more information about the policy sets that are included with this product, see the related concepts.
Policies are defined on the basis of a quality of service. Policy definitions are typically based on WS-Policy standards language. For example, the WS-Security policy is based on the current WS-SecurityPolicy language from the Organization for the Advancement of Structured Information Standards (OASIS) standards.
Policy sets omit application or user-specific information, such as keys for signing, key store information, or persistent store information. Instead, application and user-specific information is defined in the bindings. Typically, bindings are specific to the application or the user, and bindings are not normally shared. On the server side, if you do not specify a binding for a policy set, a default binding will be used for that policy set. On the client side, specify a binding for each policy set.
A policy set attachment defines which policy set is attached to service resources, and which bindings are used for the attachment. The bindings define how the policy set is attached to the resources. An attachment is defined outside of the policy set, as metadata associated with the application. To enable a policy set to work with an application, a binding is required. Use the policy set attachment wizards to configure bindings.
Policy sets can be created, deleted, copied, imported or exported within WAS using either the administrative console or the wsadmin commands. You can then import or export policy sets from the Workbench using the
Import | Web services | WebSphere Policy Sets or
Export | Web services | WebSphere Policy Sets wizards. Policy sets are then attached to Web services and clients using the
Manage Policy Set Attachments wizards.
For more information about managing policy sets, see the related tasks:
- Creating a policy set attachment on the client side
You can add security to a Web service client by attaching policy sets to the client. Each attachment specifies an endpoint, a policy set, and a binding. Because each configuration is specific to an application and a user, configure a binding for some policy types.- Creating a policy set attachment on the server side
You can add security to a Web service by attaching policy sets to the service. Each attachment specifies an endpoint, a policy set, and a binding.- Modifying policy set attachments
After you create policy set attachments for your Web service or client, you can modify attachment attributes. For example, you can specify different endpoints and policy sets. For policy set attachments on the client side, you can also specify different bindings and binding configurations.- Importing policy sets into your workspace
In addition to using the policy sets that ship with the product, you can import policy sets that were exported from a server. After importing these policy sets into your workspace, you can attach them to your Web services and clients.
Related concepts
Web services policy sets that are included with the product
Related information
Managing Web services policy sets using the server's administrative console