Successfully reported this slideshow.

Introduction To WS-Policy

3,795 views

Published on

my ws-policy presentation for my soa class, summer 2009

Published in: Technology
  • Be the first to comment

Introduction To WS-Policy

  1. 1. Introduction to WS-Policy by H. Fırat Güvence Web Service Policy
  2. 2. Outline • What is WS? • What is WS-Policy? • Why is WS-Policy needed? • Conceptual Placement in WS • Technical Specification • Vendors / Tools • Conclusion • Q&A
  3. 3. What is WS (Web Service)? • XML ▫ SOAP  XML formatted message in order to exchange information among applications or services. ▫ WSDL  SOAP is a protocol in order to exchange information through defined services by WSDL  currently the most common language for describing the 'how' and 'where' a Web service exchanges messages • Web services are being successfully used for interoperable solutions across various industries
  4. 4. WS-Policy • Extends SOAP, XML Schema, WSDL and offer mechanisms to represent the capabilities and requirements of Web services as Policies ▫ representing whether and how a message must be secured ▫ whether and how a message must be delivered reliably ▫ whether a message must flow a transaction, etc
  5. 5. Why? • Provider/Requester Security • SOAP Data Optimization • Header element ▫ Word of mouth? ▫ Documentation? ▫ WSDL? • Automated tools will evaluate WSDL and generate policy-aware client and engages the WS in the way of how the WS wants.
  6. 6. Conceptual Placement in WS • In WSDL and SOAP • It can be thought of as choice of wire(s) how they may speak to each other for security, optimization, transaction.
  7. 7. Technical Specifications • Simple Language ▫ Four elements  Policy  All  ExactlyOne  PolicyReference ▫ One attribute  wsp:Optional
  8. 8. Technical Specifications cont’d • Cenk(Web service developer) is building a client application that retrieves real time stock quote information from IMKB. • IMKB supplies real time data using Web services.
  9. 9. Technical Specifications cont’d <soap:Envelope> <soap:Header> <wsa:To>http://stock.contoso.com/realquote</wsa:To> <wsa:Action>http://stock.contoso.com/GetRealQuote</wsa:Action> </soap:Header> <soap:Body>...</soap:Body> </soap:Envelope> <Policy> <wsap:UsingAddressing /> </Policy> policy assertion
  10. 10. Technical Specifications cont’d <soap:Envelope> <soap:Header> <wss:Security soap:mustUnderstand="1" > <wsu:Timestamp u:Id="_0"> <wsu:Created>2006-01-19T02:49:53.914Z</u:Created> <wsu:Expires>2006-01-19T02:54:53.914Z</u:Expires> </wsu:Timestamp> </wss:Security> <wsa:To>http://real.contoso.com/quote</wsa:To> <wsa:Action>http://real.contoso.com/GetRealQuote</wsa:Action> </soap:Header> <soap:Body>...</soap:Body> </soap:Envelope> <Policy> <wsap:UsingAddressing /> <sp:TransportBinding>...</sp:TransportBinding> </Policy>
  11. 11. Technical Specifications cont’d • Assertion ▫ A piece of service metadata ▫ Identifies a domain specific behavior (requirement)  Web Services Security Policy  Web Services Reliable Messaging Policy  And so forth
  12. 12. Technical Specifications cont’d • Assertion con’d ▫ 3 policy operators for combining policy assertions:  Policy  All and  ExactlyOne ▫ Policy operator is a synonym for All <All> <wsap:UsingAddressing /> <sp:TransportBinding>...</sp:TransportBinding> </All>
  13. 13. Technical Specifications cont’d • Assertion con’d <All> <wsap:UsingAddressing /> <sp:TransportBinding>...</sp:TransportBinding> </All> <ExactlyOne> <sp:TransportBinding>...</sp:TransportBinding> <sp:AsymmetricBinding>...</sp:AsymmetricBinding > </ExactlyOne> <All> <wsap:UsingAddressing /> <ExactlyOne> <sp:TransportBinding>...</sp:TransportBinding> <sp:AsymmetricBinding>...</sp:AsymmetricBinding > </ExactlyOne> </All>
  14. 14. Technical Specifications cont’d • Assertion con’d <All> <mtom:OptimizedMimeSerialization wsp:Optional=”true”/> <wsap:UsingAddressing /> <ExactlyOne> <sp:TransportBinding>...</sp:TransportBinding> <sp:AsymmetricBinding>...</sp:AsymmetricBinding > </ExactlyOne> </All>
  15. 15. Technical Specifications cont’d ▫ References, naming policies <Policy wsu:Id=”common”> <mtom:OptimizedMimeSerialization wsp:Optional=”true”/> <wsap:UsingAddressing /> </Policy> … <PolicyReference URI=”#common”/>
  16. 16. Technical Specifications cont’d ▫ Attaching to WSDL <wsdl:binding name="SecureBinding“ type="tns:RealTimeDataInterface" > <PolicyReference URI="#secure" /> <wsdl:operation name="GetRealQuote" >…</wsdl:operation> … </wsdl:binding>
  17. 17. Vendors / Tools • Apache Foundation, Axis2/Java http://ws.apache.org/axis2/1_2/WS_policy.html • Java demo based on CXF WS-Policy framework in Apache CXF http://www.java2s.com/Code/Java/Web-Services- SOA/ThisdemoshowshowtheCXFWSPolicyframewo rkinApacheCXFusesWSDL11Policyattachmentstoen abletheuseofWSAddressing.htm • Microsoft is already supporting WS-* technologies http://msdn.microsoft.com/en- us/library/ms996940.aspx
  18. 18. Conclusion • Simple language • Providers represent capabilities and requirements • Policy-aware tools understand policy expressions and engage behaviors automatically • Hides complexity • Automates Web service interactions • Enables secure, reliable and transacted Web services • Need for new policies! Open and new software market for policies !
  19. 19. Q&A •?
  20. 20. Thank You • H. Fırat Güvence ▫ hguvence@gmail.com
  21. 21. References • http://msdn.microsoft.com/en- us/library/ms996497.aspx • Introduction to SOAP, 2009, H. Firat Guvence • Specs http://www.w3.org/Submission/WS- Policy/

×