|
Advanced Web Services Policies & Microsoft WSE by Jeannine Hall Gailey
WSJ Vol 04 Issue 06 - pg.45
Listing 1
<!-- Policy with a single wsp:All group, so every assertion listed must hold:
     an X.509 security token, an integrity assertion and a confidentiality
     assertion, each marked wsp:Usage="wsp:Required". -->
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">
<wsp:All>
<wsse:SecurityToken wsp:Usage="wsp:Required">
<wsse:TokenType>wsse:X509</wsse:TokenType>
</wsse:SecurityToken>
<!-- NOTE(review): the URI below is typed as a signature algorithm but names
     "aes" under an xmlenc path, which does not look like an XML Signature
     algorithm identifier. Treat it as illustrative and confirm the value the
     policy engine expects. No MessageParts is given for this assertion, so the
     listing does not show which parts of the message must be signed. -->
<wsse:Integrity wsp:Usage="wsp:Required">
<wsse:Algorithm Type="wsse:AlgSignature"
URI="http://www.w3.org/2000/09/xmlenc#aes" />
</wsse:Integrity>
<!-- Encryption is required for the message body only (see MessageParts).
     NOTE(review): the algorithm named is Triple DES in CBC mode, a legacy
     cipher with a 64-bit block; prefer an AES identifier where the stack
     supports one. -->
<wsse:Confidentiality wsp:Usage="wsp:Required">
<wsse:Algorithm Type="wsse:AlgEncryption"
URI="http://www.w3.org/2001/04/xmlenc#3des-cbc"/>
<!-- NOTE(review): MessageParts is unprefixed and no default namespace is
     declared, so it is in no namespace; presumably a prefixed element was
     intended. Verify against the schema in use. -->
<MessageParts>
wsp:GetNodesetForNode(wsp:GetBody(.))
</MessageParts>
</wsse:Confidentiality>
</wsp:All>
</wsp:Policy>
Listing 2
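<!-- Receive policy offering three alternatives under wsp:ExactlyOne, with
     Preference values 30, 60 and 90:
       30: username token, signature only
       60: X.509 v3 token, signature and/or encryption of the body
       90: token issued by the secureConversation.ashx endpoint, signature
           and/or encryption of the body
     Namespace URIs and Dialect values are elided ("...") as printed, the
     wssp, wsu, wsa and wse prefixes are not declared in this fragment, and
     the wsse:/wssp: prefixes are mixed on TokenType and MessageParts, so the
     listing is illustrative rather than loadable as-is.
     Changes from the printed listing: two missing tags restored (marked
     below), token URIs that were broken across lines rejoined, and elements
     indented. -->
<wsp:Policy wsu:Id="default-receive-policy"
            xmlns:wsp="...">
  <wsp:ExactlyOne>

    <!-- Alternative 1: username token.
         NOTE(review): this alternative has no Confidentiality assertion, so
         nothing here requires the body to be encrypted. A username-token
         signature is presumably keyed from the password, which would make
         password strength the limit on integrity protection; confirm against
         the WSE documentation. The Preference attribute is unprefixed here
         but written wsp:Preference further down; verify which form the
         policy engine reads. -->
    <wsp:All Preference="30">
      <wsse:SecurityToken wsp:Usage="wsp:Required"
                          xmlns:wsse="...">
        <wsse:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wsse:TokenType>
      </wsse:SecurityToken>
      <wsse:Integrity wsp:Usage="wsp:Required"
                      xmlns:wsse="...">
        <wsse:TokenInfo>
          <SecurityToken>
            <wsse:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wsse:TokenType>
          </SecurityToken>
        </wsse:TokenInfo>
        <!-- Signed parts: the body, the wsa: addressing headers and the
             timestamp. Covering wsa:To, wsa:MessageID and the timestamp in
             the signature is what lets a receiver detect redirected or
             replayed messages, provided it also checks timestamp freshness. -->
        <wssp:MessageParts Dialect="..."
          >wsp:Body() wsp:Header(wsa:Action)
          wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
          wsp:Header(wsa:MessageID)
          wsp:Header(wsa:RelatesTo)
          wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To)
          wse:Timestamp()</wssp:MessageParts>
      </wsse:Integrity>
    </wsp:All>

    <!-- Alternative 2: X.509 v3 token. -->
    <wsp:All Preference="60">
      <wsse:SecurityToken wsp:Usage="wsp:Required"
                          xmlns:wsse="...">
        <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
      </wsse:SecurityToken>
      <!-- NOTE(review): wsp:OneOrMore is satisfied when at least one child
           holds, so a message that is encrypted but not signed (or signed but
           not encrypted) may be accepted even though each child says
           wsp:Usage="wsp:Required". If both protections are mandatory, group
           the two assertions under wsp:All instead. Confirm how the policy
           engine combines the two. -->
      <wsp:OneOrMore>
        <wsse:Integrity wsp:Usage="wsp:Required"
                        xmlns:wsse="...">
          <!-- Start tag restored: the printed listing closes wsse:TokenInfo
               below without ever opening it. -->
          <wsse:TokenInfo>
            <SecurityToken xmlns="...">
              <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
            </SecurityToken>
          </wsse:TokenInfo>
          <wssp:MessageParts Dialect="..."
            >wsp:Body() wsp:Header(wsa:Action)
            wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
            wsp:Header(wsa:MessageID)
            wsp:Header(wsa:RelatesTo)
            wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To)
            wse:Timestamp()</wssp:MessageParts>
        </wsse:Integrity>
        <wsse:Confidentiality wsp:Usage="wsp:Required"
                              xmlns:wsse="...">
          <wsse:KeyInfo>
            <SecurityToken xmlns="...">
              <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
            </SecurityToken>
          <!-- End tag restored: the printed listing leaves wsse:KeyInfo
               open. -->
          </wsse:KeyInfo>
          <wsse:MessageParts Dialect="..."
            >wsp:Body()</wsse:MessageParts>
        </wsse:Confidentiality>
      </wsp:OneOrMore>
    </wsp:All>

    <!-- Alternative 3: token issued by the secure-conversation endpoint.
         NOTE(review): TokenIssuer names secureConversation.ashx while
         TokenType still says X509v3; presumably a security context token
         (SCT) type was intended. The issuer URL is plain http and uses the
         host name myservice, whereas the endpoint mapping in Listing 3 uses
         localhost; confirm both before reusing this policy. The OneOrMore
         caveat given for alternative 2 applies here as well. -->
    <wsp:All Preference="90">
      <wsse:SecurityToken wsp:Usage="wsp:Required"
                          xmlns:wsse="...">
        <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
        <wsse:TokenIssuer>http://myservice/documentservice/secureConversation.ashx</wsse:TokenIssuer>
      </wsse:SecurityToken>
      <wsp:OneOrMore>
        <wsse:Integrity wsp:Preference="100"
                        wsp:Usage="wsp:Required" xmlns:wsse="...">
          <wsse:TokenInfo>
            <wsse:SecurityToken wsp:Usage="wsp:Required"
                                xmlns:wsse="...">
              <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
              <wsse:TokenIssuer>http://myservice/documentservice/secureConversation.ashx</wsse:TokenIssuer>
            </wsse:SecurityToken>
          </wsse:TokenInfo>
          <wssp:MessageParts Dialect="..."
            >wsp:Body() wsp:Header(wsa:Action)
            wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
            wsp:Header(wsa:MessageID)
            wsp:Header(wsa:RelatesTo)
            wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To)
            wse:Timestamp()</wssp:MessageParts>
        </wsse:Integrity>
        <wsse:Confidentiality wsp:Preference="50"
                              wsp:Usage="wsp:Required"
                              xmlns:wsse="...">
          <wsse:KeyInfo>
            <wsse:SecurityToken wsp:Usage="wsp:Required"
                                xmlns:wsse="...">
              <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
              <wsse:TokenIssuer>http://myservice/documentservice/secureConversation.ashx</wsse:TokenIssuer>
            </wsse:SecurityToken>
          </wsse:KeyInfo>
          <wsse:MessageParts Dialect="..."
            >wsp:Body()</wsse:MessageParts>
        </wsse:Confidentiality>
      </wsp:OneOrMore>
    </wsp:All>

  </wsp:ExactlyOne>
</wsp:Policy>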
Listing 3
<?xml version="1.0" encoding="utf-8" ?>
<!-- Policy document in two parts: mappings binds endpoints and message
     directions to policy ids, and policies holds the wsp:Policy definitions
     those ids refer to (bodies elided as "..." in the listing). -->
<policyDocument xmlns="...">
  <mappings xmlns:wse="...">

    <!-- Default mapping: every request to the service that is not an SCT
         request. -->
    <defaultEndpoint>
      <defaultOperation>
        <request policy="#default-request-policy" />
        <response policy="#default-response-policy" />
        <!-- NOTE(review): empty policy reference; presumably faults are sent
             with no policy applied, i.e. unsigned and unencrypted. Confirm,
             and keep fault detail free of sensitive data. -->
        <fault policy="" />
      </defaultOperation>
    </defaultEndpoint>

    <!-- SCT mapping: requests addressed to the secure-conversation endpoint.
         The uri is plain http on localhost, so as written the protection
         rests on the message-level policies rather than on the transport. -->
    <endpoint uri="http://localhost/documentservice/secureConversation.ashx">
      <defaultOperation>
        <request policy="#sct-request-policy" />
        <response policy="#sct-response-policy" />
        <!-- Faults carry an empty policy reference here as well. -->
        <fault policy="" />
      </defaultOperation>
    </endpoint>

  </mappings>

  <!-- One wsp:Policy per id referenced from the mappings above. -->
  <policies xmlns:wsu="..." xmlns:wsp="..." xmlns:wssp="..."
            xmlns:wse="..." xmlns:wsse="..." xmlns:wsa="...">
    <wsp:Policy wsu:Id="default-request-policy">
      ...
    </wsp:Policy>
    <wsp:Policy wsu:Id="default-response-policy">
      ...
    </wsp:Policy>
    <wsp:Policy wsu:Id="sct-request-policy">
      ...
    </wsp:Policy>
    <wsp:Policy wsu:Id="sct-response-policy">
      ...
    </wsp:Policy>
  </policies>
</policyDocument>
Listing 4
<!-- Application configuration fragment; "..." marks content the listing
     leaves out. Only the policy section is shown in full. -->
<configuration>
  ...
  <microsoft.web.services>
    <security>
      ...
    </security>
    <tokenIssuer>
      ...
    </tokenIssuer>
    <diagnostics>
      ...
    </diagnostics>
    <policy>
      <!-- The cache element names a file on local disk, presumably the
           policy document the service loads (the kind shown in Listing 3).
           NOTE(review): anyone able to write that file can change the
           security requirements the service enforces; restrict write access
           to administrators and give the service account read-only
           access. -->
      <cache name="C:\LocalPolicies\DocumentService\policyCache.config" />
    </policy>
  </microsoft.web.services>
</configuration>
|