Qualities of service for JAX-WS web services and clients
You can use policy sets to simplify configuring the qualities of service for web services and clients. Policy sets are assertions about how web services are defined. Using policy sets, you can combine configurations for different policies. You can use policy sets with JAX-WS applications, but not with JAX-RPC applications.
For information about web services security for WebSphere Application Server, see: Administering web services - Security (WS-Security).
For information about web policy sets for WebSphere Application Server, see: Administering web services - Policy (WS-Policy).
The following developerWorks® tutorial provides a detailed example of how to configure message-level security for the SOAP message by configuring policy sets in the workbench:Message-level security with JAX-WS on WebSphere Application Server V7: Using Rational® Application Developer V7.5.2 to build secure JAX-WS web services
For information about configuring web services, see: chapter 14 in the Rational Application Developer for WebSphere Software V8 Programming Guide
A policy set is identified by a unique name. An instance of a policy set consists of a collection of policy types. An empty policy set has no defined policy instance.
You can use the policy sets that are included with this product to simplify configuring the qualities of service for your web services and clients. For example, the Reliable Secure Profile (RSP) default policy set consists of instances of the WS-SecureConversation and WS-Securitypolicy types. For more information about the policy sets that are included with this product, see the related concepts.
Policies are defined based on a quality of service. Policy definitions are typically based on WS-Policy standards language. For example, the WS-Security policy is based on the current WS-SecurityPolicy language from the Organization for the Advancement of Structured Information Standards (OASIS) standards.
Policy sets omit application or user-specific information, such as keys for signing, keystore information, or persistent store information. Instead, application and user-specific information is defined in the bindings. Typically, bindings are specific to the application or the user, and bindings are not normally shared. On the server side, if you do not specify a binding for a policy set, a default binding is used for that policy set. On the client side, you must specify a binding for each policy set.
A policy set attachment defines which policy set is attached to service resources, and which bindings are used for the attachment. The bindings define how the policy set is attached to the resources. An attachment is defined outside of the policy set, as metadata associated with the application. To enable a policy set to work with an application, a binding is required. Use the policy set attachment wizards to configure bindings.
Policy sets can be created, deleted, copied, imported, or exported within WebSphere Application Server using either the administrative console or the wsadmin commands. You can then import or export policy sets from the workbench using the Import > Web services > WebSphere Policy Sets or Export > Web services > WebSphere Policy Sets wizards. Policy sets are then attached to web services and clients using the Manage Policy Set Attachments wizards.