introduction to ws-policy
DESCRIPTION
my ws-policy presentation for my soa class, summer 2009TRANSCRIPT
![Page 1: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/1.jpg)
Introduction to WS-Policy
by H. Fırat GüvenceWeb Service Policy
![Page 2: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/2.jpg)
Outline
• What is WS?
• What is WS-Policy?
• Why is WS-Policy needed?
• Conceptual Placement in WS
• Technical Specification
• Vendors / Tools
• Conclusion
• Q & A
![Page 3: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/3.jpg)
What is WS (Web Service)?
• XML
▫ SOAP
XML formatted message in order to exchange information among applications or services.
▫ WSDL
SOAP is a protocol in order to exchange information through defined services by WSDL
currently the most common language for describing the 'how' and 'where' a Web service exchanges messages
• Web services are being successfully used for interoperable solutions across various industries
![Page 4: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/4.jpg)
WS-Policy
• Extends SOAP, XML Schema, WSDL and offer mechanisms to represent the capabilities and requirements of Web services as Policies
▫ representing whether and how a message must be secured
▫ whether and how a message must be delivered reliably
▫ whether a message must flow a transaction, etc
![Page 5: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/5.jpg)
Why?
• Provider/Requester Security
• SOAP Data Optimization
• Header element
▫ Word of mouth?
▫ Documentation?
▫ WSDL?
• Automated tools will evaluate WSDL and generate policy-aware client and engages the WS in the way of how the WS wants.
![Page 6: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/6.jpg)
Conceptual Placement in WS
• In WSDL and SOAP
• It can be thought of as choice of wire(s) how they may speak to each other for security, optimization, transaction.
![Page 7: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/7.jpg)
Technical Specifications
• Simple Language
▫ Four elements
Policy
All
ExactlyOne
PolicyReference
▫ One attribute
wsp:Optional
![Page 8: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/8.jpg)
Technical Specifications cont’d
• Cenk(Web service developer) is building a client application that retrieves real time stock quote information from IMKB.
• IMKB supplies real time data using Web services.
![Page 9: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/9.jpg)
Technical Specifications cont’d<soap:Envelope>
<soap:Header>
<wsa:To>http://stock.contoso.com/realquote</wsa:To>
<wsa:Action>http://stock.contoso.com/GetRealQuote</wsa:Action>
</soap:Header>
<soap:Body>...</soap:Body>
</soap:Envelope>
<Policy>
<wsap:UsingAddressing />
</Policy>
policy assertion
![Page 10: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/10.jpg)
Technical Specifications cont’d
<soap:Envelope><soap:Header><wss:Security soap:mustUnderstand="1" ><wsu:Timestamp u:Id="_0"><wsu:Created>2006-01-19T02:49:53.914Z</u:Created><wsu:Expires>2006-01-19T02:54:53.914Z</u:Expires>
</wsu:Timestamp></wss:Security><wsa:To>http://real.contoso.com/quote</wsa:To><wsa:Action>http://real.contoso.com/GetRealQuote</wsa:Action>
</soap:Header><soap:Body>...</soap:Body>
</soap:Envelope>
<Policy>
<wsap:UsingAddressing />
<sp:TransportBinding>...</sp:TransportBinding>
</Policy>
![Page 11: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/11.jpg)
Technical Specifications cont’d
• Assertion
▫ A piece of service metadata
▫ Identifies a domain specific behavior (requirement)
Web Services Security Policy
Web Services Reliable Messaging Policy
And so forth
![Page 12: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/12.jpg)
Technical Specifications cont’d
• Assertion con’d
▫ 3 policy operators for combining policy assertions:
Policy
All and
ExactlyOne
▫ Policy operator is a synonym for All
<All>
<wsap:UsingAddressing />
<sp:TransportBinding>...</sp:TransportBinding>
</All>
![Page 13: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/13.jpg)
Technical Specifications cont’d
• Assertion con’d<All>
<wsap:UsingAddressing />
<sp:TransportBinding>...</sp:TransportBinding>
</All>
<ExactlyOne>
<sp:TransportBinding>...</sp:TransportBinding>
<sp:AsymmetricBinding>...</sp:AsymmetricBinding >
</ExactlyOne>
<All>
<wsap:UsingAddressing />
<ExactlyOne>
<sp:TransportBinding>...</sp:TransportBinding>
<sp:AsymmetricBinding>...</sp:AsymmetricBinding >
</ExactlyOne>
</All>
![Page 14: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/14.jpg)
Technical Specifications cont’d
• Assertion con’d<All>
<mtom:OptimizedMimeSerialization wsp:Optional=”true”/>
<wsap:UsingAddressing />
<ExactlyOne>
<sp:TransportBinding>...</sp:TransportBinding>
<sp:AsymmetricBinding>...</sp:AsymmetricBinding >
</ExactlyOne>
</All>
![Page 15: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/15.jpg)
Technical Specifications cont’d
▫ References, naming policies
<Policy wsu:Id=”common”>
<mtom:OptimizedMimeSerialization wsp:Optional=”true”/>
<wsap:UsingAddressing />
</Policy>
…
<PolicyReference URI=”#common”/>
![Page 16: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/16.jpg)
Technical Specifications cont’d
▫ Attaching to WSDL
<wsdl:binding name="SecureBinding“ type="tns:RealTimeDataInterface" >
<PolicyReference URI="#secure" />
<wsdl:operation name="GetRealQuote" >…</wsdl:operation>
…
</wsdl:binding>
![Page 17: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/17.jpg)
Vendors / Tools
• Apache Foundation, Axis2/Javahttp://ws.apache.org/axis2/1_2/WS_policy.html
• Java demo based on CXF WS-Policy framework in Apache CXF http://www.java2s.com/Code/Java/Web-Services-SOA/ThisdemoshowshowtheCXFWSPolicyframeworkinApacheCXFusesWSDL11PolicyattachmentstoenabletheuseofWSAddressing.htm
• Microsoft is already supporting WS-* technologieshttp://msdn.microsoft.com/en-us/library/ms996940.aspx
![Page 18: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/18.jpg)
Conclusion
• Simple language
• Providers represent capabilities and requirements
• Policy-aware tools understand policy expressions and engage behaviors automatically
• Hides complexity
• Automates Web service interactions
• Enables secure, reliable and transacted Web services
• Need for new policies! Open and new software market for policies !
![Page 19: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/19.jpg)
Q & A
• ?
![Page 21: Introduction To WS-Policy](https://reader034.vdocuments.site/reader034/viewer/2022042614/557cfafed8b42a89158b4d1f/html5/thumbnails/21.jpg)
References
• http://msdn.microsoft.com/en-us/library/ms996497.aspx
• Introduction to SOAP, 2009, H. Firat Guvence
• Specs http://www.w3.org/Submission/WS-Policy/