WebSphere Application Server Version 6.1 Feature Pack for Web Services
             Operating Systems: AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS


Web services policy sets

Policy sets are assertions about how services are defined. They are used to simplify your quality of service configuration for Web services.

Note: You can only use policy sets with Java API for XML-Based Web Services (JAX-WS) applications. You cannot use policy sets with Java API for XML-based RPC (JAX-RPC) applications.

Policy sets combine configuration settings, including those for transport and message level configuration, such as WS-Addressing, WS-ReliableMessaging, and WS-Security.

Policies are defined based on a quality of service. Policy definitions are typically based on the WS-Policy standard language. For example, the WS-Security policy is based on the current WS-SecurityPolicy standard from the Organization for the Advancement of Structured Information Standards (OASIS).

An instance of a policy set consists of a collection of policies. For example, the RAMP default policy set consists of instances of the WS-Security, WS-Addressing, and WS-ReliableMessaging policy types. A policy set is identified by a name that is unique across the cell. An empty policy set is a policy set with no policy instance defined. You can perform the following actions on policy sets:

Note which functions you can configure using policy sets and the relationship of the security information that is configured. A set of default policy sets is included that you can copy and rename for reuse. The configuration can then be altered and customized on the copy, but the default policy sets are read-only and cannot be changed. Also note that you can only copy and customize policy sets using the administrative console or administrative commands. Policy sets do not function correctly if they are copied manually.

On the application server, policy sets are stored at the cell level. Policy sets are centrally located so that they are available to all applications on the server.

The following default policy sets are provided:
RAMP default
This policy set provides:
  • Reliable message delivery to the intended receiver by enabling WS-ReliableMessaging
  • Message integrity through digital signature that includes signing the body, time stamp, WS-Addressing headers and WS-ReliableMessaging headers using the WS-SecureConversation and WS-Security specifications
  • Confidentiality through encryption that includes encrypting the body and signature elements using the WS-SecureConversation and WS-Security specifications
LTPA RAMP default
This policy set provides:
  • Reliable message delivery to the intended receiver by enabling WS-ReliableMessaging
  • Message integrity through digital signature that includes signing the body, time stamp, WS-Addressing headers and WS-ReliableMessaging headers using the WS-SecureConversation and WS-Security specifications
  • Confidentiality through encryption that includes encrypting the body and signature elements using the WS-SecureConversation and WS-Security specifications
  • A Lightweight Third Party Authentication (LTPA) token included in the request message to authenticate the client to the service
Username RAMP default
This policy set provides:
  • Reliable message delivery to the intended receiver by enabling WS-ReliableMessaging
  • Message integrity through digital signature that includes signing the body, time stamp, WS-Addressing headers and WS-ReliableMessaging headers using the WS-SecureConversation and WS-Security specifications
  • Confidentiality through encryption that includes encrypting the body and signature elements using the WS-SecureConversation and WS-Security specifications
  • A username token included in the request message to authenticate the client to the service. The username token is encrypted in the request
SecureConversation
This policy set provides:
  • Message integrity through digital signature that includes signing the body, time stamp, and WS-Addressing headers using WS-SecureConversation and WS-Security specifications
  • Message confidentiality through encryption that includes encrypting the body, signature and signature confirmation elements, using WS-SecureConversation and WS-Security specifications
LTPA SecureConversation
This policy set provides:
  • Message integrity through digital signature that includes signing the body, time stamp, and WS-Addressing headers using WS-SecureConversation and WS-Security specifications
  • Message confidentiality through encryption that includes encrypting the body, signature and signature confirmation elements, using WS-SecureConversation and WS-Security specifications
  • A Lightweight Third Party Authentication (LTPA) token included in the request message to authenticate the client to the service
Username SecureConversation
This policy set provides:
  • Message integrity through digital signature that includes signing the body, time stamp, and WS-Addressing headers using WS-SecureConversation and WS-Security specifications
  • Message confidentiality through encryption that includes encrypting the body, signature and signature confirmation elements, using WS-SecureConversation and WS-Security specifications
  • A username token included in the request message to authenticate the client to the service. The username token is encrypted in the request
WSAddressing default
Enables WS-Addressing support, which uses endpoint references and message addressing properties to facilitate the addressing of Web services in a standard and interoperable way.
WSHTTPS default
Provides SSL transport security for the HTTP protocol with Web services applications.
WSReliableMessaging default
This policy set enables both WS-ReliableMessaging and WS-Addressing and uses the minimum quality of service, unmanaged non-persistent. This quality of service requires minimal configuration. However, it is non-transactional and, although it allows for the resending of messages that are lost in the network, failure of a server results in lost messages. This quality of service is for single server only and does not function in a cluster.
WSReliableMessaging persistent
This policy set enables both WS-ReliableMessaging and WS-Addressing and uses the maximum quality of service, managed persistent. This quality of service supports asynchronous Web service invocations and uses a service integration messaging engine and message store to manage the sequence state. Messages are processed within transactions, are persisted at the Web service requester server and at the Web service provider server, and are recoverable in the event of server failure.
Because this policy set specifies managed persistent quality of service, you need to define bindings to the service integration bus and messaging engine that you want to use to manage the WS-ReliableMessaging state. For more information, see Attaching and binding a WS-ReliableMessaging policy set to a Web service application using the administrative console or using the wsadmin tool.
WSReliableMessaging 1_0
This policy set enables both WS-ReliableMessaging Version 1.0 and WS-Addressing and uses the minimum quality of service, unmanaged non-persistent. This quality of service requires minimal configuration. However, it is non-transactional and, although it allows for the resending of messages that are lost in the network, failure of a server results in lost messages. This quality of service is for single server only and does not function in a cluster.
You can use this policy set with .NET-based Web services.
WSSecurity default
This policy set provides:
  • Message integrity through digital signature (using RSA public-key cryptography) to sign the body, time stamp, and WS-Addressing headers using WS-Security specifications.
  • Message confidentiality through encryption (using RSA public-key cryptography) to encrypt the body, signature and signature elements using WS-Security specifications.
LTPA WSSecurity default
This policy set provides:
  • Message integrity through digital signature (using RSA public-key cryptography) to sign the body, time stamp, and WS-Addressing headers using WS-Security specifications.
  • Message confidentiality through encryption (using RSA public-key cryptography) to encrypt the body, signature and signature elements using WS-Security specifications.
  • A Lightweight Third Party Authentication (LTPA) token included in the request message to authenticate the client to the service.
Username WSSecurity default
This policy set provides:
  • Message integrity through digital signature (using RSA public-key cryptography) to sign the body, time stamp, and WS-Addressing headers using WS-Security specifications.
  • Message confidentiality through encryption (using RSA public-key cryptography) to encrypt the body, signature and signature elements using WS-Security specifications.
  • A username token included in the request message to authenticate the client to the service. The username token is encrypted in the request.
WSTransaction
Enables WS-Transaction, which provides the ability to coordinate distributed transactional work atomically and interoperably using the WS-AtomicTransaction specification.
SSL WSTransaction
Enables WS-Transaction, which provides the ability to coordinate distributed transactional work atomically, interoperably and securely using the WS-AtomicTransaction specification and SSL Transport security.
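
The default policy sets listed above differ in whether they protect the message, carry a client token, or tolerate a cluster. The following added example (not IBM code and not part of the original topic) transcribes those properties into a table and audits a constructed inventory of attachments against them; the record field names and the sample services are hypothetical.

```python
RM, SIGN, ENC, TLS = "reliable", "integrity", "confidentiality", "transport-ssl"
LTPA, USER = "ltpa-token", "username-token"

def _family(base, caps):
    # Each message-security family has a plain, an LTPA and a Username variant.
    return {base: caps, "LTPA " + base: caps | {LTPA}, "Username " + base: caps | {USER}}

DEFAULTS = {
    **_family("RAMP default", {RM, SIGN, ENC}),
    **_family("SecureConversation", {SIGN, ENC}),
    **_family("WSSecurity default", {SIGN, ENC}),
    "WSAddressing default": set(),
    "WSHTTPS default": {TLS},
    "WSReliableMessaging default": {RM},
    "WSReliableMessaging persistent": {RM},
    "WSReliableMessaging 1_0": {RM},
    "WSTransaction": set(),
    "SSL WSTransaction": {TLS},
}
UNMANAGED_RM = {"WSReliableMessaging default", "WSReliableMessaging 1_0"}  # single server only

def audit(att):
    """Findings for one attachment record (a dict; field names are hypothetical)."""
    if att["api"] != "JAX-WS":
        return ["policy sets apply only to JAX-WS applications"]
    caps = DEFAULTS.get(att["based_on"])
    if caps is None:
        return ["unknown base policy set: " + att["based_on"]]
    findings = []
    if not caps & {SIGN, ENC, TLS}:
        findings.append("no message-level or transport protection")
    if not caps & {LTPA, USER}:
        findings.append("no LTPA or username token in the request")
    if att["clustered"] and att["based_on"] in UNMANAGED_RM:
        findings.append("unmanaged non-persistent WS-RM does not function in a cluster")
    return findings

INVENTORY = [  # constructed sample data, not taken from a real cell
    {"service": "OrderService", "api": "JAX-WS", "based_on": "Username WSSecurity default", "clustered": True},
    {"service": "QuoteService", "api": "JAX-WS", "based_on": "WSReliableMessaging default", "clustered": True},
    {"service": "LegacyRates", "api": "JAX-RPC", "based_on": "WSSecurity default", "clustered": False},
    {"service": "Lookup", "api": "JAX-WS", "based_on": "WSHTTPS default", "clustered": False},
]

def audit_all(inventory):
    return {a["service"]: audit(a) for a in inventory}

if __name__ == "__main__":
    print(audit_all(INVENTORY))
```

The `based_on` field names the default policy set a customized copy was made from, since copies carry their own cell-unique names.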

Policy sets do not include environment or platform-specific information, such as keys for signing, keystore information, or persistent store information. This type of information is defined in the binding. A policy set attachment defines how a policy set is attached to service resources and bindings. The attachment definition is outside the policy set definition and is defined as metadata associated with application data.

Bindings are made up of environment and platform-specific information. Typically, bindings are specific to the application or the platform, and bindings are not typically shared. There is one default binding that all policy sets can use. However, custom bindings are defined within the application.

To enable policy sets to work with applications, bindings are needed. Use the administrative console to configure custom bindings. Read about defining binding information for policy sets for more information about working with attachments and bindings.




Related concepts
RAMP default policy sets
WS-ReliableMessaging default policy sets
Web Services Addressing support
WSSecurity default policy sets
SecureConversation default policy sets
WSHTTPS default policy set
Related tasks
Defining binding information for policy sets
Creating policy set attachments using the wsadmin tool
Managing policy sets using the administrative console
Related reference
Web services specifications and APIs
Related information
WS-Policy working group
OASIS WS-SX Technical Committee

Last updated: Nov 25, 2008 2:35:59 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.wsfep.multiplatform.doc/info/ae/ae/cwbs_wsspsps.html