Web services policy sets that are included with the product
You can use the policy sets that ship with this product to simplify configuring the qualities of service for your Web services. Using these policy sets, you can combine configurations for different policies.
The following WAS v7.0 system policy sets are included with the product:
- SystemWSSecurityDefault. This system policy set specifies the asymmetric algorithm and both the public and private keys to provide message security. Message integrity is provided by digitally signing the body, time stamp, and WS-Addressing headers using RSA encryption. Message confidentiality is provided by encrypting the body and signature using RSA encryption. This policy set follows the WS-Security specifications for the issue and renew trust operation requests.
The following WAS v7.0 policy sets are included with the product:
- Username WSSecurity default. This policy set provides the following features:
  - Message integrity by digital signature (using RSA public-key cryptography) to sign the body, timestamp, and WS-Addressing headers using WS-Security specifications
  - Message confidentiality by encryption (using RSA public-key cryptography) to encrypt the body, signature and signature confirmation elements using WS-Security specifications
  - A username token included in the request message to authenticate the client to the service. The username token is encrypted in the request.
- WS-I RSP. This policy set enables unmanaged non-persistent WS-ReliableMessaging, which provides the ability to deliver a message reliably to its intended receiver. This policy set only works in a single server environment and does not work in a clustered environment. Message integrity is provided by digitally signing the body, the time stamp, and the WS-Addressing headers. Message confidentiality is provided by encrypting the body and the signature. This policy set follows the WS-SecureConversation and WS-Security specifications.
- WSHTTPS default. This policy set provides SSL transport security for the HTTP protocol with Web services applications.
The following WAS v6.1 policy sets are included with the product:
- RAMP default policy sets:
  - RAMP default: Default Reliable Asynchronous Messaging Profile (RAMP) 1.0. This policy set provides the following features:
    - Reliable message delivery to the intended receiver by enabling WS-ReliableMessaging
    - Message integrity by digital signature that includes signing the body, timestamp, WS-Addressing headers and WS-ReliableMessaging headers using the WS-SecureConversation and WS-Security specifications
    - Confidentiality by encryption that includes encrypting the body, signature and signature confirmation elements, using the WS-SecureConversation and WS-Security specifications
  - LTPA RAMP default. This policy set provides the following features:
    - Reliable message delivery to the intended receiver by enabling WS-ReliableMessaging
    - Message integrity by digital signature that includes signing the body, timestamp, WS-Addressing headers and WS-ReliableMessaging headers using the WS-SecureConversation and WS-Security specifications
    - Confidentiality by encryption that includes encrypting the body, signature and signature confirmation elements, using the WS-SecureConversation and WS-Security specifications
    - A Lightweight Third Party Authentication (LTPA) token included in the request message to authenticate the client to the service
  - Username RAMP default. This policy set provides the following features:
    - Reliable message delivery to the intended receiver by enabling WS-ReliableMessaging
    - Message integrity by digital signature that includes signing the body, timestamp, WS-Addressing headers and WS-ReliableMessaging headers using the WS-SecureConversation and WS-Security specifications
    - Confidentiality by encryption that includes encrypting the body, signature and signature confirmation elements, using the WS-SecureConversation and WS-Security specifications
    - A user name token included in the request message to authenticate the client to the service. The user name token is encrypted in the request.
- SecureConversation policy sets:
  - SecureConversation. This policy set provides the following features:
    - Message integrity by digital signature that includes signing the body, timestamp, and WS-Addressing headers using WS-SecureConversation and WS-Security specifications
    - Message confidentiality by encryption that includes encrypting the body, signature and signature confirmation elements, using WS-SecureConversation and WS-Security specifications
  - LTPA SecureConversation. This policy set provides the following features:
    - Message integrity by digital signature that includes signing the body, timestamp, and WS-Addressing headers using WS-SecureConversation and WS-Security specifications
    - Message confidentiality by encryption that includes encrypting the body, signature and signature confirmation elements, using WS-SecureConversation and WS-Security specifications
    - A Lightweight Third Party Authentication (LTPA) token included in the request message to authenticate the client to the service
  - Username SecureConversation. This policy set provides the following features:
    - Message integrity by digital signature that includes signing the body, timestamp, and WS-Addressing headers using WS-SecureConversation and WS-Security specifications
    - Message confidentiality by encryption that includes encrypting the body, signature and signature confirmation elements, using WS-SecureConversation and WS-Security specifications
    - A username token included in the request message to authenticate the client to the service. The username token is encrypted in the request.
- WSReliableMessaging policy sets:
  - WSReliableMessaging default. This policy set enables both WS-ReliableMessaging and WS-Addressing, and the policy set uses the minimum quality of service, unmanaged non-persistent. This quality of service requires minimal configuration. However, it is non-transactional and, although it allows for the re-sending of messages that are lost in the network, failure of a server results in lost messages. This quality of service is for single server only; it does not work in a cluster.
  - WSReliableMessaging 1_0. This policy set enables both WS-ReliableMessaging Version 1.0 and WS-Addressing, and it uses the minimum quality of service, unmanaged non-persistent. This quality of service requires minimal configuration. This quality of service is non-transactional, however. Although it allows for the re-sending of messages that are lost in the network, failure of a server results in lost messages. This quality of service is for single-server use only; it does not work in a cluster. You can use this policy set with .NET-based Web services.
  - WSReliableMessaging persistent. This policy set enables both WS-ReliableMessaging and WS-Addressing, and the policy set uses the maximum quality of service, managed persistent. This quality of service supports asynchronous Web service invocations, and uses a service integration messaging engine and message store to manage the sequence state. Messages are processed within transactions, are persisted at the Web service requester server and at the Web service provider server, and are recoverable in the event of server failure.
- WSSecurity default policy sets:
  - WSSecurity default. This policy set provides the following features:
    - Message integrity by digital signature (using RSA public-key cryptography) to sign the body, timestamp, and WS-Addressing headers using WS-Security specifications
    - Message confidentiality by encryption (using RSA public-key cryptography) to encrypt the body, signature and signature confirmation elements using WS-Security specifications
  - LTPA WSSecurity default. This policy set provides the following features:
    - Message integrity by digital signature (using RSA public-key cryptography) to sign the body, timestamp, and WS-Addressing headers using WS-Security specifications
    - Message confidentiality by encryption (using RSA public-key cryptography) to encrypt the body, signature and signature confirmation elements using WS-Security specifications
    - A Lightweight Third Party Authentication (LTPA) token included in the request message to authenticate the client to the service
  - Username WSSecurity default. This policy set provides the following features:
    - Message integrity by digital signature (using RSA public-key cryptography) to sign the body, timestamp, and WS-Addressing headers using WS-Security specifications
    - Message confidentiality by encryption (using RSA public-key cryptography) to encrypt the body, signature and signature confirmation elements using WS-Security specifications
    - A username token included in the request message to authenticate the client to the service. The username token is encrypted in the request.
- WSTransaction policy sets:
  - WSTransaction. This policy set enables WS-Transaction, which provides the ability to coordinate distributed transactional work atomically and interoperably using the WS-AtomicTransaction specification.
  - SSL WSTransaction. This policy set enables WS-Transaction, which provides the ability to coordinate distributed transactional work atomically, interoperably and securely using the WS-AtomicTransaction specification and SSL Transport security.
- Other default policy sets:
  - WSAddressing default. This policy set enables WS-Addressing support, which uses endpoint references and message addressing properties to facilitate the addressing of Web services in a standard and interoperable way.
  - WSHTTPS default. This policy set provides SSL transport security for the HTTP protocol with Web services applications.
Related concepts
Managing qualities of service for Web services and clients using policy sets