Databases Reference
In-Depth Information
Some others specify requirements and capabilities that are critical to proper
service selection and usage (i.e., privacy, application priority, user account
priorities). WS-Policy provides a single policy grammar to allow both kinds
of assertions in a consistent manner. However, there are no policy assertions
defined for authorization and access control.
Policy Syntax and Semantics.
<wsp:Policy xmlns:sp="...">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedElements>
<sp:XPath>/S:Envelope/S:Body</sp:XPath>
</sp:SignedElements>
</wsp:All>
<wsp:All>
<sp:EncryptedElements>
<sp:XPath>/S:Envelope/S:Body</sp:XPath>
</sp:EncryptedElements>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
Fig. 8.
An WS-Policy Example
WS-Policy
3
defines three components: policy expressions, policy asser-
tions, and policy operations (
OnOrMore
,
All
,and
ExactlyOne
). A policy is
composed of policy expressions that may each contain only one of the policy
operations, policy assertions, or policy reference. The policy expressions can
be used as containers for application-specific or service-type-specific policy
definitions. In addition, policy operations can be nested and may contain any
externally defined content. As an example, Figure 8 gives a simple policy ex-
ample in the security domain. The policy contains two policy assertions to
restrict the elements depicted by the XPath expression
/S:Envelope/S:Body
so they should be either signed or encrypted.
5 Policy Modeling and Generation
XACL, XACML, and WS-Policy are expressive and powerful for policy speci-
fication, but also too complicated, especially for the users who are not experts
in their use. People also want to be able to address the underlying security
concerns in ways that are easy to understand, and so that they can identify
the particular technical implementations. Moreover, recently attention has
3
Since in Chapter 13 of
Security and Web Services
, WS-Policy is introduced in
details, we do not go deeply into it in this section.
