
WS-MetadataExchange requests


Use the Web Services Metadata Exchange (WS-MetadataExchange) GetMetadata request to exchange Web Services Description Language (WSDL) that is annotated with WS-Policy information. A service provider can use a WS-MetadataExchange request to share its policies, and a service client can use a WS-MetadataExchange request to apply the policies of a provider. You can secure WS-MetadataExchange requests by using transport-level or message-level security.

The WS-MetadataExchange spec defines a mechanism to retrieve metadata from an endpoint. WAS supports the use of the WS-MetadataExchange 1.1 GetMetadata request to return metadata in a response. A service provider can use this mechanism to make WSDL that is annotated with WS-Policy information available, that is, the service provider can share its policies. A service client can use this mechanism to obtain WSDL that is annotated with WS-Policy information from a service provider and then apply those policies. The policy configuration must be in WS-PolicyAttachments format in the WSDL of the service provider.

Use a WS-MetadataExchange request as an alternative to using an HTTP GET request.

By default, a service provider or a service client does not use WS-MetadataExchange to share or obtain WS-Policy information. You must configure the service provider to share its policies, or configure the service client to apply the policies of a service provider, and specify that a WS-MetadataExchange request is used to share or obtain the policy configuration. WS-Policy information can be shared or obtained at the application or service level. You can configure the service provider or service client by using the admin console or wsadmin commands.

Application developers can configure the service provider or service client using Rational Application Developer tools when a Web service is generated.

See the Rational Application Developer documentation.

When a service provider is configured to share its policies through WS-MetadataExchange, the service supports incoming WS-MetadataExchange GetMetadata requests that are limited to the WSDL dialect. When the service receives such a request, the WSDL of the service is returned inline through a conformant WS-MetadataExchange response. The WSDL of the service contains WS-PolicyAttachments annotations that represent the current policy configuration. The policy configuration is in WS-PolicyAttachments format in the WSDL so that it is then available to other clients, service registries or services that support the Web Services Policy (WS-Policy) spec and the WS-MetadataExchange GetMetadata request.

When a service client is configured to use WS-MetadataExchange to obtain the policy of a service provider, the service client sends a WS-MetadataExchange GetMetadata request that specifies the WSDL dialect whenever it needs to obtain or refresh the policy of the provider.

 

WS-MetadataExchange security

You must ensure that the GetMetadata request is secured so that there is effective authentication, authorization, integrity, and confidentiality. End-to-end authentication is particularly important for the exchange of security metadata (SecurityPolicy), because if an unauthorized party could access this information, security credentials could be sent to non-trusted endpoints.

The GetMetadata request is targeted at the same port as the application endpoint, so if the application uses transport-level security, the GetMetadata request is also targeted at the secure port and, by default, uses the same transport-level security configuration as the application.

Additionally, you can apply message-level security (WS-Security) to the metadata exchange. You might want to apply message-level security if transport-level security is not available on the application endpoint, or if transport-level security is not adequate for the requirements. An advantage of message-level security is that it provides end-to-end security by incorporating security features in the header of the SOAP message.

To provide message-level security, you attach system policy sets and general (named) bindings to the endpoint when you configure the service provider or service client to exchange policy configurations.

System policy sets are used for system messages that are not business-related, whereas application policy sets specify policy assertions for business-related messages. For example, system policy sets are used for messages that apply qualities of service (QoS), which includes the messages defined in the WS-MetadataExchange protocol. To provide message-level security for a GetMetadata request, attach a system policy set that contains only WS-Security or Web Services Addressing (WS-Addressing) policies. You can specify general bindings that are scoped either to the global domain or to the security domain of the service.

When you apply message-level security, any transport policy of the application is always used.
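
The exchange and the security concern described above, as an added Python example (not IBM or WebSphere code): it builds a GetMetadata request limited to the WSDL dialect, refuses to build it when the request would have neither transport-level nor message-level protection, and checks a constructed response for policy references and for service addresses that are not HTTPS on the queried host. The WS-Addressing, WS-Policy and WSDL SOAP binding namespace versions, the function names and the example.com/example.net hosts are assumptions.

```python
import uuid
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {  # WS-Addressing, WS-Policy and WSDL SOAP-binding versions are assumptions
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "mex": "http://schemas.xmlsoap.org/ws/2004/09/mex",
    "wsdl": "http://schemas.xmlsoap.org/wsdl/",  # also the WSDL dialect URI
    "soap": "http://schemas.xmlsoap.org/wsdl/soap/",
    "wsp": "http://www.w3.org/ns/ws-policy",
}

def q(prefix, tag):
    return "{%s}%s" % (NS[prefix], tag)

def build_get_metadata(endpoint, message_security=False):
    """Build a SOAP 1.2 GetMetadata request limited to the WSDL dialect."""
    if urlsplit(endpoint).scheme != "https" and not message_security:
        raise ValueError("GetMetadata would travel unprotected to " + endpoint)
    env = ET.Element(q("s", "Envelope"))
    hdr = ET.SubElement(env, q("s", "Header"))
    for tag, text in (("Action", NS["mex"] + "/GetMetadata/Request"),
                      ("To", endpoint), ("MessageID", "urn:uuid:%s" % uuid.uuid4())):
        ET.SubElement(hdr, q("wsa", tag)).text = text
    req = ET.SubElement(ET.SubElement(env, q("s", "Body")), q("mex", "GetMetadata"))
    ET.SubElement(req, q("mex", "Dialect")).text = NS["wsdl"]
    return ET.tostring(env, encoding="unicode")

def check_metadata(response_xml, endpoint):
    """Return (policy reference URIs, findings) for the WSDL in a response."""
    root = ET.fromstring(response_xml)  # use a hardened parser for untrusted XML
    wsdl = next((m for m in root.iter(q("mex", "MetadataSection"))
                 if m.get("Dialect") == NS["wsdl"]), None)
    if wsdl is None:
        raise ValueError("no WSDL-dialect metadata section in response")
    policies = [p.get("URI") for p in wsdl.iter(q("wsp", "PolicyReference"))]
    host = urlsplit(endpoint).hostname
    locs = [urlsplit(a.get("location", "")) for a in wsdl.iter(q("soap", "address"))]
    findings = ["address is not https on the queried host: " + u.geturl()
                for u in locs if (u.scheme, u.hostname) != ("https", host)]
    return policies, findings

# Constructed sample response, not captured from a real server.
SAMPLE = ('<s:Envelope %s><s:Body><mex:Metadata><mex:MetadataSection Dialect="%s">'
          '<wsdl:definitions><wsdl:binding><wsp:PolicyReference URI="#SecureBinding"/></wsdl:binding>'
          '<wsdl:service><wsdl:port><soap:address location="https://other.example.net/svc"/></wsdl:port>'
          '</wsdl:service></wsdl:definitions></mex:MetadataSection></mex:Metadata></s:Body></s:Envelope>'
          % (" ".join('xmlns:%s="%s"' % kv for kv in NS.items()), NS["wsdl"]))
```

A finding here means the returned WSDL points the client at an address other than the one it queried over HTTPS, which is the situation in which credentials could reach a non-trusted endpoint.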



 

Related concepts


System policy sets

 

Related tasks


Set security for a WS-MetadataExchange request
Set a service provider to share its policy configuration
Set the client policy using a service provider policy
Learn about WS-Policy

 

Related


WS-Policy commands for AdminTask
Policies applied settings
Policy sharing settings
Policy set bindings settings