WS-Policy Brian Garback. 2 Agenda  Introduction  Domain Terminology  Policy Expressions  Policy Assertions  Policy Attachments  Conclusion  Policy.

Slides:



Advertisements
Similar presentations
Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 2 Introduction to XHTML Programming the World Wide Web Fourth edition.
Advertisements

1
Feichter_DPG-SYKL03_Bild-01. Feichter_DPG-SYKL03_Bild-02.
Copyright © 2003 Pearson Education, Inc. Slide 7-1 Created by Cheryl M. Hughes, Harvard University Extension School Cambridge, MA The Web Wizards Guide.
Copyright © 2003 Pearson Education, Inc. Slide 3-1 Created by Cheryl M. Hughes The Web Wizards Guide to XML by Cheryl M. Hughes.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2003 Chapter 11 Ethernet Evolution: Fast and Gigabit Ethernet.
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.
Author: Julia Richards and R. Scott Hawley
1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.
1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 3 CPUs.
Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.
UNITED NATIONS Shipment Details Report – January 2006.
RXQ Customer Enrollment Using a Registration Agent (RA) Process Flow Diagram (Move-In) Customer Supplier Customer authorizes Enrollment ( )
David Burdett May 11, 2004 Package Binding for WS CDL.
Jeff Mischkinsky Nickolas Kavantzas Goran Olsson Web Services Choreography.
WS-Policy F2F Austin, TX July 2006 Report on WS-Policy Interop Workshop of April 2006 (Round 3) Toufic Boubez Layer 7 Technologies.
® IBM Software Group © IBM Corporation WS-Policy Attachment- spec overview Maryann Hondo IBM.
18 Copyright © 2005, Oracle. All rights reserved. Distributing Modular Applications: Introduction to Web Services.
1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.
Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.
1 Click here to End Presentation Software: Installation and Updates Internet Download CD release NACIS Updates.
REVIEW: Arthropod ID. 1. Name the subphylum. 2. Name the subphylum. 3. Name the order.
Break Time Remaining 10:00.
Turing Machines.
PP Test Review Sections 6-1 to 6-6
1 WSDL: Web Service Description Language Gary Sharp Mike Breakiron.
EU market situation for eggs and poultry Management Committee 20 October 2011.
EU Market Situation for Eggs and Poultry Management Committee 21 June 2012.
Bright Futures Guidelines Priorities and Screening Tables
Copyright 2007, Information Builders. Slide 1 Introduction to Web Services Efrem Litwin Director, WebFOCUS Integration Products Information Builders.
Name Convolutional codes Tomashevich Victor. Name- 2 - Introduction Convolutional codes map information to code bits sequentially by convolving a sequence.
IONA Technologies Position Paper Constraints and Capabilities for Web Services
Claus von Riegen, SAP AG WS-Policy Overview W3C Workshop on Constraints and Capabilities for Web Services.
Copyright © 2012, Elsevier Inc. All rights Reserved. 1 Chapter 7 Modeling Structure with Blocks.
1 RA III - Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Buenos Aires, Argentina, 25 – 27 October 2006 Status of observing programmes in RA.
Factor P 16 8(8-5ab) 4(d² + 4) 3rs(2r – s) 15cd(1 + 2cd) 8(4a² + 3b²)
Basel-ICU-Journal Challenge18/20/ Basel-ICU-Journal Challenge8/20/2014.
1..
XML Web Services Monash University Semester 1, March 2006.
31242/32549 Advanced Internet Programming Advanced Java Programming
CONTROL VISION Set-up. Step 1 Step 2 Step 3 Step 5 Step 4.
© 2012 National Heart Foundation of Australia. Slide 2.
Adding Up In Chunks.
WS-SecureConversation Xiuduan Fang. 2 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action.
WS – Security Policy Prabath Siriwardena Director, Security Architecture.
Model and Relationships 6 M 1 M M M M M M M M M M M M M M M M
Presentation 7 part 2: SOAP & WSDL.
Chapter 2 Entity-Relationship Data Modeling: Tools and Techniques
Analyzing Genes and Genomes
1 Let’s Recapitulate. 2 Regular Languages DFAs NFAs Regular Expressions Regular Grammars.
©Brooks/Cole, 2001 Chapter 12 Derived Types-- Enumerated, Structure and Union.
Essential Cell Biology
Intracellular Compartments and Transport
PSSA Preparation.
Essential Cell Biology
Immunobiology: The Immune System in Health & Disease Sixth Edition
Energy Generation in Mitochondria and Chlorplasts
Murach’s OS/390 and z/OS JCLChapter 16, Slide 1 © 2002, Mike Murach & Associates, Inc.
User Defined Functions Lesson 1 CS1313 Fall User Defined Functions 1 Outline 1.User Defined Functions 1 Outline 2.Standard Library Not Enough #1.

Web Services Darshan R. Kapadia Gregor von Laszewski 1http://grid.rit.edu.
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
Kemal Baykal Rasim Ismayilov
1 WS-Policy. 2 What’s the Problem? To use a web service a client needs more information than is provided in WSDL file. Examples: –Does service support.
Florida Atlantic University Department of Electrical and Computer Engineering &Computer Science ( ECECS ) &Computer Science ( ECECS ) Security Systems.
WS-Policy Brian Garback Department of Computer Science
Presentation transcript:

WS-Policy Brian Garback

2 Agenda  Introduction  Domain Terminology  Policy Expressions  Policy Assertions  Policy Attachments  Conclusion  Policy In Action

3 Introduction to WS-Policy  Why? To integrate software systems with web services Need a way to express its characteristics  When/Does it require … WS-Security? signed messages? encryption?  What security tokens is it capable of processing?  What tokens does it prefer? Without this standard, developers need docs

4 Introduction to WS-Policy  What? Provides a flexible and extensible grammar for expressing the capabilities, requirements, and general characteristics of Web Service entities  How? Defines a model to express these properties as policies

5 Introduction to WS-Policy  Goal: Provide the mechanisms needed to enable Web Services applications to specify policies  WS-Policy specifies: 1. An XML-based structure called a policy expression containing policy information 2. Grammar elements to indicate how the contained policy assertions apply

6 Agenda  Introduction  Domain Terminology  Policy Expressions  Policy Assertions  Policy Attachments  Conclusion  Policy In Action

7 Terminology  Policy: refers to the set of information being expressed as policy assertions  Policy Assertion: represents an individual preference, requirement, capability, etc.  Policy Expression: set of one or more policy assertions  Policy Subject: an entity to which a policy expression can be bound

8 Terminology  Policy Attachment : the mechanism for associating policy expressions with one or more subjects

9 Agenda  Introduction  Domain Terminology  Policy Expressions  Policy Assertions  Policy Attachments  Conclusion  Policy In Action

10 Policy Expressions  A Policy Expression is the XML representation of a policy XML facilitates interoperability between a heterogeneous platforms  We will look at how to name and identify them

11 Policy Namespaces  WS-Policy schema defines all constructs that can used in a policy expression WS-Policy schema PrefixDescriptionNamespace wspWS-Policy, WS-PolicyAssertions, and WS-PolicyAttachment org/ws/2002/12/policy wsseWS-SecurityPolicyhttp://schemas.xmlsoap. org/ws/2002/12/secext wsuWS utilty schemahttp://schemas.xmlsoap. org/ws/2002/07/utility mspWSE 2.0 policy schemahttp://schemas.microsoft. com/wse/2003/06/Policy

12 Policy Namespaces  wsp:Policy Representation of a policy expression Container for policy assertions The wsu:Id attribute assigns the policy expression an ID value as a URI

13 Policy Expression Naming  A full ID is formed by: #  Policy Expression: <wsp:Policy xmlns:wsp="..." xmlns:wsu="..." wsu:Id="MyPolicies" >...  Policy Reference:......

14 Policy Expression Naming  Alternatively, use namespace-qualified name Add Name and TargetNamespace :  Reference:......

15 Agenda  Introduction  Domain Terminology  Policy Expressions  Policy Assertions  Policy Attachments  Conclusion  Policy In Action

16 Policy Assertions  A policy assertion: represents an individual preference, requirement, capability, or other characteristic is the basic building block of a policy expression an XML element with a well-known name and meaning...

17 Types of Assertions  Two types: 1. Requirements and capabilities that are explicitly manifested on the wire 2. No wire manifestation, just provide information

18 The Usage Qualifier  wsp:Usage distinguishes between different types of assertions how assertions are processed ValueMeaning wsp:Required The assertion must be applied, otherwise an error results wsp:Rejected The assertion is not supported and, if present, will cause failure wsp:Optional The assertion may be made of the subject, but is not required wsp:Observed The assertion will be applied to all subjects and requestors are told wsp:Ignored The assertion will be ignored if present and requestors are told

19  What does this Assertion state? Two policy assertions: 1. Security Token is required 2. Use of AES is required Assertion Example wsse:Kerberosv5ST <wsse:Algorithm Type="wsse:AlgSignature“ URI=" />

20 Assertion Preference  wsp:Preference attribute: Used to specify the service’s preference as an integer value Larger integer => higher preference Omitted preference attribute is interpreted as a 0

21  What does this Assertion state?  The subject prefers X.509 certificates over UsernameTokens Assertion Preference Example wsse:UsernameToken <wsse:SecurityToken wsp:Usage="wsp:Optional“ wsp:Preference="1"> wsse:x509v3

22 Standard Policy Assertions  WS-PolicyAssertions defines four general policy assertions for any subject Policy AssertionDescription wsp:TextEncodingSpecifies a character encoding wsp:LanguageSpecifies a natural language (xml:Lang) wsp:SpecVersionSpecifies a version of a particular specification wsp:MessagePredicateSpecifies a predicate that can be tested against the message (XPath expressions by default)

23  What does this Assertion state?  The subject requires 1. The UTF-8 character encoding 2. Any form of the English language 3. SOAP version 1.1 General Assertion Example <wsp:SpecVersion wsp:Usage="wsp:Required" URI=" />...

24  What does this Assertion state?  Must be: 1. Exactly one wsse:Security header element 2. Exactly one child within the soap:Body element General Assertion Example count(wsp:GetHeader(.)/wsse:Security) = 1 count(wsp:GetBody(.)/*) = 1...

25 WS-SecurityPolicy  Defines a set of security-related assertions Policy AssertionDescription wsse:SecurityTokenSpecifies a type of security token (defined by WS- Security) wsse:IntegritySpecifies a signature format (defined by WS-Security) wsse:ConfidentialitySpecifies an encryption format (defined by WS-Security) wsse:VisibilitySpecifies portions of a message that MUST be able to be processed by an intermediary or endpoint wsse:SecurityHeaderSpecifies how to use the header defined in WS-Security wsse:MessageAgeSpecifies the acceptable time period before messages are declared "stale" and discarded

26 Combining Multiple Assertions  Policy operators are used to combine assertions Can nest operators Policy OperatorDescription wsp:AllRequires that all of its child elements be satisfied wsp:ExactlyOneRequires that exactly one child to be satisfied wsp:OneOrMoreRequires that at least one child be satisfied wsp:PolicySame as wsp:All

27  What does this Assertion state?  Exactly one child must be satisfied Assertion Combination Example wsse:UsernameToken wsse:x509v3 wsse:Kerberosv5ST

28 Policy Reference  Mechanism to share policy assertions across policy expressions  Uses the naming conventions discussed above... <wsp:PolicyReference URI="..." Ref="..." Digest="..." DigestAlgorithm="..." />...

29 Policy Reference Example wsse:UsernameToken wsse:x509v3 wsse:Kerberosv5ST

30 Policy Reference Example <wsp:Policy wsu:Id="tokensWithSignature" xmlns:wsp="..." xmlns:wsse="...">... <wsp:Policy wsu:Id="tokensWithEncryption" xmlns:wsp="..." xmlns:wsse="...">...

31 Agenda  Introduction  Domain Terminology  Policy Expressions  Policy Assertions  Policy Attachments  Conclusion  Policy In Action

32 Policy Attachments  WS-PolicyAttachment defines mechanisms to associate expressions with subjects  Specifically defines mechanisms for: XML elements WSDL definitions UDDI entries  Uses attributes 1. wsp:PolicyURIs – list of URIs 2. wsp:PolicyPrefs – list of QNames

33 Policy Attachments  The attribute wsp:PolicyAttachment binds an endpoint to a policy expression Requires no change to the web service s:SomePortType s:SomeService...

34 Agenda  Introduction  Domain Terminology  Policy Expressions  Policy Assertions  Policy Attachments  Conclusion  Policy In Action

35 Conclusion of WS-Policy  The policy specifications define a standard framework  Developers can: express requirements, capabilities, and preferences in an interoperable way select web services more meaningfully  Policies provide support for standard assertions

36 Primary References  us/dnglobspec/html/ws-policy.asp#ws-policy__toc us/dnglobspec/html/ws-policy.asp#ws-policy__toc Official document describing WS-Policy  us/dnwebsrv/html/understwspol.asp us/dnwebsrv/html/understwspol.asp “Understanding WS-Policy” – A great reference that I used a lot for this presentation. Provides a great, easy explanation of WS-Policy.

37 Secondary References  This is the policy schema definition  us/dnglobspec/html/ws-policyassertions.asp us/dnglobspec/html/ws-policyassertions.asp Provides a very detailed description of WS-PolicyAssertions  us/dnglobspec/html/ws-policyattachment.asp us/dnglobspec/html/ws-policyattachment.asp Provides a very detailed description of WS-PolicyAttachment  us/dnglobspec/html/ws-securitypolicy.asp us/dnglobspec/html/ws-securitypolicy.asp Provides a detailed description of WS-SecurityPolicy

38 Policy In Action  Web Service Enhancements (WSE) 2.0 for.NET 2.0 provides basic support for WS-Policy  Let’s go!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.