WSPolicy
provides a generic purpose for describing such requirements,
which are said to be the policy of the web service.
WS-Policy (and its sister speci?¬?cation, WS-PolicyAttachment)
does not de?¬?ne any domain-speci?¬?c policy assertion such as the
one about authentication in the preceding sample. It is a generic
mechanism for associating requirements (???policy assertions???) to
a web service, and as such it does not mandate any particular
format. Other speci?¬?cations, such as WS-SecurityPolicy
described later, leverage this general-purpose mechanism for
codifying requirements of a speci?¬?c domain.
WS-Security
WS-Security was the ?¬?rst speci?¬?cation building on the extensibility
capabilities of SOAP. Although the speci?¬?cation itself and
its derivatives are fairly complex, the purpose of WS-Security is
straightforward. It de?¬?nes ways of protecting SOAP message
exchanges and provides a means of transporting security-related
information.
Given the enormous success of XML, the industry soon felt the
need to provide some security mechanism that could guarantee
con?¬?dentiality and integrity to the new format, without giving
up its cross-platform reach. As a result, the W3C devised two
standards, XML Signature and XML Encryption, which describe
ways of applying cryptography to XML documents (see the section
???Cryptography: A Minimal Introduction??? in Chapter 1).
Pages:
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252