Looking for how to manage to figure out policies relations to the web services, I’ve found out a paper called “A Practical Introduction to WS-Policy“. Out of that you can simply figure out how to write a web service with a WS-Policy attached to it. The WS-Policy needs WS-PolicyAttachment showing how these policies to attached and how to use.
Both of these are XML based files and are easy to interpret.
The only problem with that is WS-Policy is only giving solutions for security policies, like having a specific token or something like that. What I was looking for it was to somehow check the policy behind a web service in all aspects of business process and not only security requirements.
The ones that WS-Policy can talk about is :
- Integrity (digital signatures)
- Confidentiality (encryption)
- MessagePredicate (specifies message parts that SOAP messages must contain)
- MessageAge
- SecurityToken