Search Tips   |   Advanced Search

Web services policy sets

Policy sets are assertions about how services are defined. They are used to simplify your quality of service configuration for web services.

Use policy sets only with JAX-WS applications. We cannot use policy sets with JAX-RPC applications.

Policy sets combine configuration settings, including those for transport and message level configuration, such as WS-Addressing, WS-ReliableMessaging, and WS-Security.

For examples, see:

There are two main types of policy sets:

Policies are defined based on a quality of service. Policy definition is typically based on WS-Policy standard language, for example, the WS-Security policy is based on the current WS-SecurityPolicy from the Organization for the Advancement of Structured Information Standards (OASIS) standards.

An instance of a policy set consists of a collection of policies. For example, the WS-I RSP default policy set consists of instances of the WS-Security, WS-Addressing, and WS-ReliableMessaging policy types. A policy set is identified by a unique name that is unique across the cell. An empty policy set is a policy set with no policies defined.

Use a default policy set after it is imported. To change the properties for a default, not editable policy set, copy the policy set to create an editable version to modify. See copy of default policy set and bindings settings. We can perform the following actions on policy sets:

which functions we can configure using policy sets and the relationship of the security information configured. A set of default policy sets are included that we can import; then copy and rename for reuse. Use a default policy set after it is imported, but to change any of the settings, copy the policy set to create an editable version. The configuration can then be altered and customized on the copy.

Important: We can only copy and customize policy sets using the administrative console or administrative commands. Policy sets do not function correctly if they are copied manually.

On the application server, policy sets are stored at the cell level. Policy sets are centrally located so that they are available to all applications on the server.

The following application policy sets are installed on the base or network deployment (ND) profile by default: WS-I RSP or WS-I RSP (ND), Username WSSecurity default, and WSHTTPS default. The WS-I RSP (ND) is installed in a network deployment environment.

The following policy sets are ready for you to use as is.

The application server also provides other default policy sets we can use or customize. To use the additional policy sets, import them from the default repository.

The following default policy sets are provided:

Policy sets do not include environment or platform-specific information, such as keys for signing, keystore information, or persistent store information. This type of information is defined in the binding. A policy set attachment defines how a policy set is attached to service resources and bindings. The attachment definition is outside the policy set definition and is defined as meta-data associated with application data.

Bindings are made up of environment and platform-specific information. General bindings such as the service client or provider bindings for the global security domain can be shared across applications.

To enable policy sets to work with applications, bindings are needed. Use the administrative console to configure general bindings and application specific bindings. Read about defining binding information for policy sets for more information about working with attachments and bindings.


  • General sample bindings for JAX-WS applications
  • WS-I RSP default policy sets
  • WS-ReliableMessaging default policy sets
  • Web Services Addressing support
  • Web Services Security default policy sets
  • SecureConversation default policy sets
  • WSHTTPS default policy set
  • WSTransaction default policy sets
  • Define and manage policy set bindings
  • Importing policy sets
  • Define and manage service client or provider bindings
  • Attaching and binding a WS-ReliableMessaging policy set to a web service application by
  • Attaching and binding a WS-ReliableMessaging policy set to a web service application using the wsadmin tool
  • Configure Kerberos policy sets and V2 general sample bindings
  • Create policy set attachments using the wsadmin tool
  • Copy of default policy set and bindings settings
  • Authentication generator or consumer token settings
  • Protection token settings (generator or consumer)
  • Web services specifications and APIs
  • WS-Policy working group
  • OASIS WS-SX Technical Committee