The Policy Framework specification provides mechanisms for describing non-functional characteristics of service components and composites and the connections between them.
The Policy Framework operates at two levels. It allows developers to express policy requirements by using policy intents, which describe in a high-level language the characteristics required by a component, service or reference. An example of an intent is the need for confidentiality for messages sent during the invocation of a service (e.g. the messages need to be encrypted). The developer of the service can express this intent in the form "confidentiality.message", which says that a security capability of confidentiality is required by the service and that, of the forms of confidentiality available, message-based confidentiality must be used. Intents are deliberately abstract and independent of the low-level configuration details that get specified at deployment time. The abstraction allows the low-level details to vary between deployments, especially where different bindings are chosen to access the service. Intents can also be grouped together into profile intents, which provide a shorthand way of expressing all the intents in the group.
The second level of the Policy Framework is the concrete policy configuration that can be applied at deployment time by mapping intents to specific policy choices. To continue the example of confidentiality, a detailed policy for confidentiality may involve encryption using RSA. SCA policies contain low-level information of this kind. Policies are grouped together into policy sets, which may define a range of choices for a specific policy domain. For example, a policy set for confidentiality may have RSA and Blowfish as encryption alternatives. At deployment time, SCA allows for the selection of specific alternatives from a policy set.
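The two levels described above can be modelled as a small deployment-time resolver. This is an added example, not code from the SCA specifications or any SCA runtime: the policy set names, the profile intent name, the binding labels and the matching rule are assumptions made for illustration. It shows the same intent resolving to different concrete policies per binding, and deployment being refused when a required intent cannot be satisfied.

```python
from dataclasses import dataclass

# Constructed sample data: set names and alternatives are illustrative only.
PROFILE_INTENTS = {"secureMessaging": ["confidentiality.message", "integrity.message"]}

@dataclass(frozen=True)
class PolicySet:
    name: str
    provides: tuple       # intents this policy set satisfies
    applies_to: tuple     # binding types it can be attached to
    alternatives: tuple   # concrete choices, most preferred first

POLICY_SETS = [
    PolicySet("WsMessageEncryption", ("confidentiality.message",), ("binding.ws",), ("RSA", "Blowfish")),
    PolicySet("WsMessageSigning", ("integrity.message",), ("binding.ws",), ("RSA-SHA256",)),
    PolicySet("JmsTransportTls", ("confidentiality.transport",), ("binding.jms",), ("TLS",)),
]

class UnsatisfiedIntent(Exception):
    """No policy set covers a required intent: deployment must stop."""

def expand(intents):
    # A profile intent is shorthand for every intent in its group.
    return [i for name in intents for i in PROFILE_INTENTS.get(name, [name])]

def satisfies(provided, required):
    # Assumption of this model: an unqualified requirement ("confidentiality")
    # accepts any qualified form; a qualified one needs an exact match.
    return provided == required or provided.startswith(required + ".")

def resolve(intents, binding, allowed=None):
    """Return {intent: (policy set name, chosen alternative)} for one binding."""
    chosen = {}
    for intent in expand(intents):
        for ps in POLICY_SETS:
            if binding not in ps.applies_to:
                continue
            if not any(satisfies(p, intent) for p in ps.provides):
                continue
            options = [a for a in ps.alternatives if allowed is None or a in allowed]
            if options:
                chosen[intent] = (ps.name, options[0])
                break
        else:  # fail closed rather than deploy without the required protection
            raise UnsatisfiedIntent(f"{intent} cannot be satisfied on {binding}")
    return chosen

if __name__ == "__main__":
    print(resolve(["secureMessaging"], "binding.ws"))
    print(resolve(["confidentiality"], "binding.jms"))
```

The optional allowed argument stands in for the deployer selecting a specific alternative from a policy set, for example restricting the choice to one cipher.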
Intents and policy sets may apply to interactions between components (i.e. to services and references) - these are termed interaction policies - or they may apply to component implementations - these are termed implementation policies.
For Web services bindings, the Policy Framework describes the detailed policies and policy subjects using WS-Policy and WS-PolicyAttachment. For other binding types, detailed policies are described in terms that are suitable for the binding.
What's New? - Policy Framework
The Policy Framework has been created since the 0.9 SCA specifications were published - so it is all new! It builds on some non-normative material that was included in an appendix of the 0.9 Assembly specification.
Security Policy
While the Policy Framework is intended to be a general-purpose framework that supports any kind of policy requirement, the Policy Framework Specification does provide a few security-related intents that will be part of the proposed standard. The security policy covers confidentiality, integrity and authentication in the context of message and transport security. These are considered to be interaction policies since they need to be understood by both the client and the service provider.
The policy framework specification also offers implementation policies in the form of authorization constraints, such as the roles allowed and runas delegation.
Reliability Policy
The SCA Policy Framework Specification also offers interaction policies in the domain of reliable messaging. Intents that describe commonly used reliable messaging patterns, such as atLeastOnce, are part of the proposed standard.