Standards for Technology in Automotive Retail
| Standards for Technology in Automotive Retail | |
Copyright © 2012 Standards for Technology in Automotive Retail
The purpose of this document is to provide guidelines for the implementation of the Web Services Policy Framework.
The scope of this document is to define, at a high level, the current WS-Policy specifications, and provide information on how to implement WS-Policy. The document also provides useful resources to help with the implementation. It is assumed that the organization utilizing this document, has the resources and knowledge to implement Web Services, and has either completed an implementation, or is working on a initial implementation.
Web Services allow applications to communicate in a platform independent manner across the Web. Web Services use an XML based networking protocol to provide essential information that users need to know to consume a web service, such as the names of the methods/functions available for execution in a particular web service, format of the messages being exchanged, and any expected arguments. All of the above information can be communicated by Web Services, using the Web Services Description Language (WSDL), to successfully integrate two Web Services.
As the need arises for more features, like encryption and reliability, additional information is needed, more than WSDL can provide.
For example, a user needs to find if WS-Security is mandatory for consuming a particular Web Service: the type of security tokens that the service processes. Also the user may need to know if the messages should be digitally signed and/or encrypted.
Before WS-Policy, there was no way to communicate this information, except via written documentation, emails between implementers, direct phone calls, etc. By defining a general framework that can be used and extending other Web Services specifications, WS-Policy addresses this issue by communicating information between Web Services consumers and providers.
WS-Policy is a specification that allows web services to use XML to advertise their policies (on security, quality of service, etc.) and for web services consumers to specify their policy requirements.
WS-Policy is a W3C recommendation as of September 2007.
WS-Policy represents a set of specifications that describe the capabilities and constraints of the security (and other business) policies on intermediaries and end points (for example, required security tokens, supported encryption algorithms, and privacy rules) and how to associate policies with services and end points.
The STAR Level 2 implementations guidelines define all the Security Requirements for implementing the STAR Web Services. The STAR Level 2 implementation must also include all of the STAR Level 1 requirements. Please refer to the STAR Web Services implementation guidelines document for more information.
Policy: A collection of Policy Alternatives.
Policy Alternative: A collection of Policy Assertions.
Policy Assertion: Represents a requirement, capability, or other property of a behavior.
Policy Expression: A XML infoset representation of its Policy, either in a normal form or in its equivalent compact form.
Policy Assertions can be represented in the message being exchanged (e.g., authentication scheme, transport protocol selection). Other Policies are not represented in the message being exchanged, yet they are needed for the service selection and usage (e.g., privacy policy, QoS characteristics).
The WS-Policy framework provides a single policy language to allow both kinds of assertions above to be expressed and evaluated.
Policy Attachment: A mechanism for associating a policy with one or more Policy Scopes.
Policy Scope: A collection of Policy Subjects to which a policy applies.
Policy Subject: An Entity (e.g., and endpoint, message, resource) with which a policy can be associated.
Web Services Policy Framework does not cover discovery of policy, policy scope and subjects, or their attachments mechanisms.
Web Services Policy Attachment defines such policy attachment mechanisms for associating Policies with XML Elements, WSDL Artifacts, and UDDI elements.
Web Services Policy Attachment defines mechanisms for associating policies, as defined in WS Policy framework, with the subjects to which these policies apply.
WS-PoliclyAttachment defines four levels at which policies can be defined for a web service:
Service level, Endpoint level, Operation level, and Message level
At the Service level, a Policy may indicate that all messages must be logged for auditing purposes.
At the Endpoint level, a policy may indicate that a particular key is required for encryption and signatures.
At the Operation level, a policy may indicate that a SAML assertion must be used to indicate the privileges and preferences of the caller.
At the Message level, a Policy may indicate what parts of the message must be protected with signatures and/or encryption.
CustomerInformation BOD-specific WSDL
Below we define a policy with an id=STARTestPolicy with two policy alternatives. The first requires the use of Italian as the language with UTF-8 as the encoding. The second alternative requires English as the language, and encoding of ISO-8859-1.
This Policy is saying that the Service/Service Consumer can understand UTF-8 encoded Italian language and ISO-8859-1 encoded English language.
We have attached this Policy to the Endpoint Subject of this WSDL. This is done under the “bindings” component of the WSDL, using a PolicyReference element.
The WS-Policy related code is showed below. See the lines with XML comments to the right.
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions xmlns:starws="http://www.starstandards.org/webservices/2005/10/transport"
xmlns:starbindings="http://www.starstandards.org/webservices/2005/10/transport/bindings"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:star="http://www.starstandard.org/STAR/5"
targetNamespace="http://www.starstandards.org/webservices/2005/10/transport/bindings"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" <!-- new name space -->
xmlns:sp="http://schemas.xmlsoap.org/ws/2002/12/secext" <!-- new name space -->
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <!-- new name space -->
<wsdl:documentation>Note: That if implementing the STAR Transport 2005/10 version of the WSDL and including a STAR 5 payload. Then
the correct namespace for the STAR 5 BODs needs to be specified. Recommended prefix would be star5 and the namespace of
http://www.starstandard.org/STAR/5. It should also be noted that the OAGI namespace may need to be specified as well. This namespace
is http://www.openapplications.org/oagis/9
</wsdl:documentation>
<wsp:UsingPolicy wsdl:Required="true" /> <!-- WS-Policy code -->
<wsp:Policy wsu:Id="STARTestPolicy"> <!-- Policy Expression -->
<wsp:ExactlyOne> <!-- Collection of Policy Alternatives -->
<wsp:All> <!-- Policy Alternative -->
<wsp:Language Language="it"/> <!-- Policy Assertion -->
<wsp:TextEncoding Encoding="UTF-8"/> <!-- Policy Assertion -->
</wsp:All>
<wsp:All> <!-- Policy Alternative -->
<wsp:Language Language="en"/> <!-- Policy Assertion -->
<wsp:TextEncoding Encoding="iso-8851-1"/> <!-- Policy Assertion -->
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy> <!-- End of WS-Policy Code -->
<wsdl:types>
<xsd:schema xmlns="http://www.starstandard.org/STAR/5"
targetNamespace="http://www.starstandard.org/STAR/5"
elementFormDefault="qualified"
attributeFormDefault="unqualified">
<xsd:include schemaLocation="../BODs/Developer/ProcessCustomerInformation.xsd"/>
<xsd:include schemaLocation="../BODs/Developer/AcknowledgeCustomerInformation.xsd"/>
</xsd:schema>
<xsd:schema xmlns="http://www.starstandards.org/webservices/2005/10/transport"
targetNamespace="http://www.starstandards.org/webservices/2005/10/transport"
elementFormDefault="qualified">
<xsd:include schemaLocation="STARWSDLDataTypes.xsd"/>
<xsd:import namespace="http://www.starstandard.org/STAR/5"/>
<xsd:complexType name="ProcessCustomerInformationPayload">
<xsd:annotation>
<xsd:documentation source="http://www.starstandard.org/">The Payload is a general purpose wrapper for the content that is transmitted as part of the soap-env:body.</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="content" type="starws:ProcessCustomerInformationContent" minOccurs="0"
maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation source="http://www.starstandard.org">Describes the type of payload included. This item is optional.</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
<xsd:anyAttribute/>
</xsd:complexType>
<xsd:complexType name="AcknowledgeCustomerInformationPayload">
<xsd:annotation>
<xsd:documentation source="http://www.starstandard.org/">The Payload is a general purpose wrapper for the content that is transmitted as part of the soap-env:body.</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="content" type="starws:AcknowledgeCustomerInformationContent"
minOccurs="0"
maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation source="http://www.starstandard.org">Describes the type of payload included. This item is optional.</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
<xsd:anyAttribute/>
</xsd:complexType>
<xsd:complexType name="ProcessCustomerInformationContent">
<xsd:annotation>
<xsd:documentation source="http://www.starstandard.org">Contains the content of a particular payload.</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element ref="star:ProcessCustomerInformation" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation source="http://www.starstandard.org">Get Parts Order</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element ref="starws:attachment" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
<xsd:attribute name="id" type="xsd:ID" use="required">
<xsd:annotation>
<xsd:documentation source="http://www.starstandard.org">A unique id that identifies the content being sent. This corresponds to the id specified in the manifest.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:anyAttribute/>
</xsd:complexType>
<xsd:complexType name="AcknowledgeCustomerInformationContent">
<xsd:annotation>
<xsd:documentation source="http://www.starstandard.org">Contains the content of a particular payload.</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element ref="star:AcknowledgeCustomerInformation" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation source="http://www.starstandard.org">Get Parts Order</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element ref="starws:attachment" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
<xsd:attribute name="id" type="xsd:ID" use="required">
<xsd:annotation>
<xsd:documentation source="http://www.starstandard.org">A unique id that identifies the content being sent. This corresponds to the id specified in the manifest.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:anyAttribute/>
</xsd:complexType>
<!--Global Elements used by the Bindings--><xsd:element name="ProcessMessage">
<xsd:annotation>
<xsd:documentation source="http://www.starstandard.org">
Process Message Input
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:sequence>
<xsd:element name="payload" type="starws:ProcessCustomerInformationPayload" minOccurs="0"
maxOccurs="1"
form="qualified"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="ProcessMessageResponse">
<xsd:annotation>
<xsd:documentation source="http://www.starstandard.org">
Response output
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:sequence>
<xsd:element name="payload" type="starws:AcknowledgeCustomerInformationPayload"
minOccurs="0"
maxOccurs="1"
form="qualified"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="PutMessage">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="payload" type="starws:ProcessCustomerInformationPayload" minOccurs="0"
maxOccurs="1"
form="qualified"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="PullMessageResponse">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="payload" type="starws:AcknowledgeCustomerInformationPayload"
minOccurs="0"
maxOccurs="1"
form="qualified"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:schema>
</wsdl:types>
<wsdl:message name="ProcessMessageIn">
<wsdl:part name="parameters" element="starws:ProcessMessage"/>
</wsdl:message>
<wsdl:message name="ProcessMessageOut">
<wsdl:part name="parameters" element="starws:ProcessMessageResponse"/>
</wsdl:message>
<wsdl:message name="PutMessageIn">
<wsdl:part name="parameters" element="starws:PutMessage"/>
</wsdl:message>
<wsdl:message name="PutMessageOut">
<wsdl:part name="parameters" element="starws:PutMessageResponse"/>
</wsdl:message>
<wsdl:message name="PullMessageIn">
<wsdl:part name="parameters" element="starws:PullMessage"/>
</wsdl:message>
<wsdl:message name="PullMessageOut">
<wsdl:part name="parameters" element="starws:PullMessageResponse"/>
</wsdl:message>
<wsdl:message name="ManifestHeader">
<wsdl:part name="header" element="starws:payloadManifest"/>
</wsdl:message>
<wsdl:portType name="starTransportPortTypes">
<wsdl:operation name="ProcessMessage">
<wsdl:input message="starbindings:ProcessMessageIn"/>
<wsdl:output message="starbindings:ProcessMessageOut"/>
</wsdl:operation>
<wsdl:operation name="PutMessage">
<wsdl:input message="starbindings:PutMessageIn"/>
<wsdl:output message="starbindings:PutMessageOut"/>
</wsdl:operation>
<wsdl:operation name="PullMessage">
<wsdl:input message="starbindings:PullMessageIn"/>
<wsdl:output message="starbindings:PullMessageOut"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="starTransport" type="starbindings:starTransportPortTypes">
<wsp:PolicyReference URI="#STARTestPolicy" wsdl:required="true"/> <!-- Attachment of Policy - ENdpoint is the subject -->
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="ProcessMessage">
<soap:operation soapAction="http://www.starstandards.org/webservices/2005/10/transport/operations/ProcessMessage"/>
<wsdl:input>
<soap:header message="starbindings:ManifestHeader" part="header" use="literal"/>
<soap:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap:header message="starbindings:ManifestHeader" part="header" use="literal"/>
<soap:body use="literal"/>
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="PutMessage">
<soap:operation soapAction="http://www.starstandards.org/webservices/2005/10/transport/operations/PutMessage"
style="document"/>
<wsdl:input>
<soap:header message="starbindings:ManifestHeader" part="header" use="literal"/>
<soap:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap:body use="literal"/>
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="PullMessage">
<soap:operation soapAction="http://www.starstandards.org/webservices/2005/10/transport/operations/PullMessage"
style="document"/>
<wsdl:input>
<soap:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap:header message="starbindings:ManifestHeader" part="header" use="literal"/>
<soap:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="ProcessCustomerInformationWebService">
<wsdl:port name="ProcessCustomerInformationStarTransport"
binding="starbindings:starTransport"><!--Note to implementors. You will need to change or override the soap address as appropriate.--><soap:address location="http://www.example.org/"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
In order to simplify web services' development work, Axis2 comes with a set of tools and IDE plugins for code generation (WSDL2Code), allowing one to choose from any of these code- generation tools to generate the service skeleton. Additionally, there is a set of databinding frameworks that are supported, and out of which, you can select one, depending on your requirements. To name a few, you can use XMLBeans, ADB, or any other available databinding frameworks such as JiBX, JaxMe, and others.
Apache Neethi™ provides general framework for the programmers to use WS Policy. It is compliant with the latest WS Policy specification, which was published in March 2006. This framework is specifically written to enable the Apache Web services stack to use WS Policy as a way of expressing its requirements and capabilities.
Neethi is an open source Java library to create, parse, normalize, merge, and intersect policies compliant with WS-Policy.
Documents
Web Services Policy 1.5 - Attachment
Tutorials
Application Servers with WS-Policy Support
The WSO2 Application Server brings together the best of breed in open source technologies for Web Applications with Apache Tomcat and Web Services with Apache Axis2.
http://wso2.com/products/application-server/
Apache Axis2™ is a Web Services / SOAP / WSDL engine, the successor to the widely used Apache Axis SOAP stack.
http://axis.apache.org/axis2/java/core/docs/WS_policy.html
The WS-Policy implementation in WebSphere Application Server supports Web Services Reliable Messaging Policy Assertion Version 1.0 and Web Services Reliable Messaging Policy Assertion Version 1.1.
The BizTalk Adapter for Web Services Enhancements (WSE) 2.0 is a "no-code" connectivity solution that integrates secure Web services with BizTalk Server 2004. The BizTalk Adapter for WSE is implemented using the WSE 2.0 for Microsoft .NET, and it supports WS-Security, WS-Trust, WS-SecureConversation, WS-SecurityPolicy, and WS-Policy
http://www.microsoft.com/biztalk/evaluation/adapter/adapters/wse/2004/wsev2_overview.mspx
BEA WebLogic Server is an enterprise-ready J2EE application server that supports the deployment of mission-critical applications in a robust, secure, highly available, and scalable environment. WebLogic Server is an ideal foundation for building applications based on Service Oriented Architectures (SOA).
http://axis.apache.org/axis2/java/core/docs/WS_policy.html
WS-Policy API Support
Java JDK 6.0 provides a WS-Policy development module. com.sun.xml.ws.policy
NET / Windows Communication Foundation (WFC) Interoperability Bindings for WS-Policy.
hhttp://msdn.microsoft.com/en-us/library/ms730294.aspx
Web Services Development Tools with WS-Policy Support
Integrated Development Environment Tools for Web Services development are actively being updated to support new Web Services and SOA specifications.
Some examples of IDEs that currently support WS-Policy implementations are below.
