Policy sets are assertions about how services are defined.
They are used to simplify the quality of service configuration for
Web services.
About this task
Policy sets combine configuration settings, including those
for transport and message level configuration, such as WS-Addressing,
WS-ReliableMessaging, and WS-Security. There are two main types of
policy sets; application policy sets and system policy sets. Application
policy sets are used for business-related assertions. These assertions
are related to the business operations that are defined in the Web
Services Description Language (WSDL) file. System policy sets, on
the other hand, are used for non-business-related system messages.
These messages are not related to the business operations that are
defined in the WSDL, but instead refer to messages that are defined
in other specifications which apply qualities of service (QoS). Such
QoS are the request security token (RST) messages that are defined
in WS-Trust, or create sequence messages that are defined in WS-Reliable
Messaging metadata exchange messages of the WS-MetadataExchange.
Note: You can use policy sets only with Java™ API for XML-Based Web Services
(JAX-WS) applications. You cannot use policy sets with Java API for XML-based RPC (JAX-RPC) applications.
Policies are defined based on a quality of service. Policy definition
is typically based on WS-Policy standard language, for example, the
WS-Security policy is based on the current WS-SecurityPolicy from
the Organization for the Advancement of Structured Information Standards
(OASIS) standards.
Policy sets do not include environment or
platform-specific information, such as keys for signing, keystore
information, or persistent store information. This type of information
is defined in the binding. A policy set attachment defines how a policy
set is attached to service resources and bindings. The attachment
definition is outside the policy set definition and is defined as
meta-data associated with application data.
To secure JAX-WS
Web services with message-level security using policy sets, follow
these steps: