Web Services Policy Framework (WS-Policy) is an extensible XML-based framework that extends the configuration of a Web Service with domain specific security assertions and specifies the security requirements, expectations, and capabilities of the Web Service. In ALSB, one of the primary uses of WS-Policy is configuring message-level security in proxy services and business services.
ALSB includes three simple WS-Policy files that you can use to require clients to authorize, digitally encrypt, or digitally sign SOAP messages: Auth.xml
, Encrypt.xml
, and Sign.xml
. BEA recommends that unless you have specific security needs, you use these pre-packaged files as often as possible.
For more information about using these policies, see ALSB Policy Statements in AquaLogic Service Bus Security Guide.
If the ALSB WS-Policy statements do not meet your security needs, you can write your own WS-Policies (custom WS-Policies), import them to ALSB, and refer to them from the WSDL. (The ALSB WS-Policy statements are read-only.)
For information about creating and referring to custom WS-Policies, see Using Web Service Policy to Specify Inbound Message-Level Security in AquaLogic Service Bus Security Guide.