Web services policies
Policies define the type of web service policy based on the quality of service type. Policies are initially set with default settings but the attributes can be edited and changed.
Provided policies include:
- WS-Addressing
- Based on the World Wide Web Consortium (W3C) WS-Addressing specifications for web services. This family of specifications provide transport-neutral mechanisms to address web services and to facilitate end-to-end addressing. This specification provides asynchronous support.
- WS-Security
- Based on the WS-Secure Conversation (WS-SC) and WS-Security specifications along with the associated token profiles. The WS-Security specification and its associated token profiles define a way to send security tokens and provide message integrity and confidentiality. The WS-Secure Conversation specification establishes a secure context, based on shared keys, for the client and server to use for a series of messages. This standard provides a framework across organizations that defines how to secure the entire conversation. Use the WS-Security policy to define how the SOAP messages are secured. It has options such as:
- which message parts are signed and encrypted
- the tokens types to be included
- whether to use symmetric or asymmetric cryptography
We can also use WS-Security policies to define the bootstrap policy used to acquire security context tokens. Security context tokens are used by secure conversation.
- WS-Reliable Messaging (WS-RM)
- This specification enables the sender and receiver to assure the quality of services in a set of messages. It helps the application developer deal with latency issues, maintenance interruption, and other problems that prevent messages from being completed. This quality assurance is critical for stateful applications.
- WS-Transaction
- This specification provides support for coordination of atomic transactions or business activities for web services applications. We can enable WS-Transaction on both the client (outbound) and server (inbound) side by attaching a policy set that enables the WS-Transaction policy as part of the policy set. This policy is based on the WS-AtomicTransaction specification and the WS-BusinessActivity specification, together with the WS-Coordination specification.
- HTTP Transport
- The HTTP transport policy applies the HTTP features and HTTP connections polices to outbound messages. The response listener policy is enforced on inbound messages.
- SSL Transport
- Provides SSL transport security for the HTTP protocol with web services applications.
- JMS Transport
- When using the SOAP over JMS transport with JAX-WS applications, we can customize the transport by configuring the JMS transport policy. The SOAP over JMS transport provides an alternative to HTTPS for transporting SOAP requests and response messages between clients and servers. Use the JMS transport policy to configure a service that uses the JMS transport to send asynchronous response messages back to the client.
- Custom Properties
- Provides the ability to specify generic binding properties for web service applications. The CustomProperties binding is only supported for service clients.
Related information:
WS-Policy working group OASIS WS-SX Technical Committee