WSMetadataExchange
is a protocol that ful?¬?lls exactly that purpose.
It allows one caller to query one web service and obtain its
metadata information, typically WSDL/policies.
WS-SecurityPolicy
WS-SecurityPolicy de?¬?nes an assertion framework (that is, a
collection of assertions and assertion operators) aimed at expressing
security requirements for the invocation of web services.
It builds upon the more generic WS-Policy, standardizing
how to express requirements such as how to mandate in a message
the presence of a security token of a certain shape, which
parts of a message should be signed or encrypted and with
which keys, and so on. Although WS-Policy is generic enough
to express any policy, it is good to have, for security, a set of
standard assertions with a well-known semantic to which every
platform and product can refer without further negotiations.
WS-Federation
We already encountered the concept of federation. However, it
is worth revisiting the concept. A federation is a set of two or
more entities, where resources of one entity can be accessed by
identities belonging to another entity. If that sounds confusing,
just think of the example offered in the sections ???User Control
and Consent,??? ???Minimal Disclosure for a Constrained Use,??? and
Use WSMetadataExchange
for asking a web
service about its
metadata
WS-SecurityPolicy
is a dialect of WSPolicy
that deals
with security
concepts
WS-Federation
builds on top of
WS-Trust and WSSecurity
for modeling
message
exchanges in federated
scenarios
WS-* Web Services Speci?¬?cations: The Rei?¬?cation of the Identity Metasystem 155
???Claim Transformers.
Pages:
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266