W3CW3C Member Submission

Web Services Policy Attachment for Endpoint Reference (WS-PAEPR)

W3C Member Submission 20 July 2007

This version:
Latest version:
Glen Daniels, Progress Software Corporation
Frederick Hirsch, Nokia
Anish Karmarkar, Oracle
Mark Little, JBoss
Ashok Malhotra (editor), Oracle
Gilbert Pilz, BEA Systems, Inc.
Copyright © 2007 BEA Systems, Inc., Nokia, Oracle, Progress Software Corporation, JBoss. All rights reserved. This document is available under the W3C Document License. See the W3C Intellectual Rights Notice and Legal Disclaimers for additional information.


The [WS-Addressing] recommendation defines a mechanism for associating metadata with an endpoint reference. This metadata can be used to define the "the behavior, policies and capabilities of the endpoint." This note defines the semantics of including Policies and Policy References as defined by [WS-Policy Framework] within the metadata property of an endpoint reference.

Status of this Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications can be found in the W3C technical reports index at http://www.w3.org/TR/.

By publishing this document, W3C acknowledges that the Submitting Members have made a formal Submission request to W3C for discussion. Publication of this document by W3C indicates no endorsement of its content by W3C, nor that W3C has, is, or will be allocating any resources to the issues addressed by it. This document is not the product of a chartered W3C group, but is published as potential input to the W3C Process. A W3C Team Comment has been published in conjunction with this Member Submission. Publication of acknowledged Member Submissions at the W3C site is one of the benefits of W3C Membership. Please consult the requirements associated with Member Submissions of section 3.3 of the W3C Patent Policy. Please consult the complete list of acknowledged W3C Member Submissions.

Table of Contents

1 Introduction
    1.1 Notational Conventions
2 Associating Policies with Endpoint References
    2.1 Syntax
    2.2 Scope of Effective Policy
    2.3 Calculating Effective Policy for Other Policy Scopes
    2.4 Validity of Metadata Information
    2.5 Security Considerations
3 References

1 Introduction

The [WS-Addressing] Recommendation defines an XML Infoset-based representation for specifying endpoint references. The XML syntax is as below:


Note that the Metadata element allows child elements from any namespace. Typically, these are used to include WSDL definitions that apply to that endpoint as well as Policies or Policy References that apply to that endpoint. The [WS-Addressing Metadata] specification defines how to include WSDL metadata in an EPR's metadata section.

This document defines how to include Policies and Policy References within the Metadata element as well as the semantics of such inclusion. We also discuss the semantics of Policies and Policy References directly included within the Metadata element in combination with Policies and Policy References included within WSDL definitions that are also included in the Metadata element.

This specification discusses how to associate Policies with endpoints. It does not discuss how such Policies can be used. The WS-Policy Working Group has published several documents ([WS-Policy Attachment], [WS-Policy Primer], [WS-Policy Guidelines]) that describe how Policies can be used.

1.1 Notational Conventions

The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [IETF RFC 2119].

This specification uses namespace prefixes that are listed in Table 1. Note that the choice of any namespace prefix is arbitrary and not semantically significant (see [XML Information Set]).

Table 1. Prefixes and Namespaces used in this specification
Prefix Namespace Definition
wsa http://www.w3.org/2005/08/addressing WS-Addressing
wsp http://www.w3.org/ns/ws-policy WS-Policy
xs http://www.w3.org/2001/XMLSchema XML Schema - Structures

Namespace names of the general form "http://example.org/..." and "http://example.com/..." represent application or context-dependent URIs (see [IETF RFC 3986]).

All parts of this specification are normative, with the exception of examples and sections explicitly marked as "Non-Normative".

This specification uses XML syntax. Translation to the Infoset Model is straightforward.

This specification uses BNF-style conventions for specifying syntax: "?" denotes zero or one occurrence , "*" denotes zero or more occurrences, "+" one or more occurrences, "(" and ")" are used to form groups, and "|" represents choice.

2 Associating Policies with Endpoint References

2.1 Syntax

Policy or Policy Reference MAY appear as direct children of the Metadata element.

( <wsp:Policy ...> ... </wsp:Policy> |
<wsp:PolicyReference ...> ... </wsp:PolicyReference> )?
... </wsa:Metadata> </wsa:EndpointReference>

If multiple alternatives are desired as part of this single Policy, the operators defined in [WS-Policy Framework] can be used to specify such a structure.

2.2 Scope of Effective Policy

The scope of the Effective Policy calculated above is the endpoint referenced by the endpoint reference. Policy scope is defined in [WS-Policy Attachment].

2.3 Calculating Effective Policy for Other Policy Scopes

As mentioned above, the Metadata element within an endpoint reference can contain, as children, WSDL (1.1 and 2.0) definitions in addition to Policies and Policy References. Details are discussed in Section 2.1 of [WS-Addressing Metadata]. These definitions can, in turn, have Policies and Policy References associated with them. Specifically, WSDL 2.0 Service and Interface and WSDL 1.1 Port Type and Service definitions can appear within the Metadata element of an Endpoint. The Effective Policy for the endpoint must be computed by combining the Policies and Policy References that appear as direct children of the Metadata element with the Policies an Policies References that are associated with WSDL definitions that appear within the Metadata element. The algorithms for computing the Effective Policy in such situations is discussed in Section 4 and Section 5 of [WS-Policy Attachment]

2.4 Validity of Metadata Information

The [WS-Addressing] specification discusses caveats to the validity of Metadata information. These apply to Policies embedded within the Metadata element as discussed in this document and bear repeating in full:

The metadata embedded in an EPR is not necessarily a complete statement of the metadata pertaining to the endpoint. Moreover, while embedded metadata is necessarily valid at the time the EPR is initially created it may become stale at a later point in time.

To deal with conflicts between the embedded metadata of two EPRs that have the same [address], or between embedded metadata and metadata obtained from a different source, or to ascertain the current validity of embedded metadata, mechanisms that are outside of the scope of this specification, such as EPR life cycle information ... or retrieval of metadata from an authoritative source, SHOULD be used.

2.5 Security Considerations

Section 5 of the [WS-Policy Framework] specification spells out in detail security considerations when using Policies. These apply equally to Policies specified within the Metadata element of an Endpoint Reference as discussed in this document.

Section 4 of the [WS-Addressing] specification spells out in detail security considerations when using endpoint references. These apply equally to Policies specified within the Metadata element of an endpoint reference as discussed in this document.

3 References

Uniform Resource Identifiers (URI): Generic Syntax, T. Berners-Lee, R. Fielding, L. Masinter. Network Working Group, January 2005. (See http://www.ietf.org/rfc/rfc3986.txt.)
Key words for use in RFCs to Indicate Requirement Levels, S. Bradner, Author. Internet Engineering Task Force, June 1999. (See http://www.ietf.org/rfc/rfc2119.txt.)
WS-Addressing 1.0 - Core, Martin Gudgin, Marc Hadley, Tony Rogers. W3C Recommendation, 9 May 2006. (See http://www.w3.org/TR/2006/REC-ws-addr-core-20060509/.)
WS-Addressing Metadata
WS-Addressing 1.0 - Metadata, Martin Gudgin et al, W3C Working Draft, 27 June 2007. (See http://www.w3.org/TR/2007/WD-ws-addr-metadata-20070627/.)
WS-Policy Framework
Web Services Policy 1.5 - Framework, Asir Vedamuthu et al, W3C Proposed Recommendation, July 06, 2007. (See http://www.w3.org/TR/2007/PR-ws-policy-20070706/.)
WS-Policy Attachment
Web Services Policy 1.5 - Attachment, Asir Vedamuthu et al, W3C Proposed Recommendation, July 06, 2007. (See http://www.w3.org/TR/2007/PR-ws-policy-attach-20070706/.)
WS-Policy Primer
Web Services Policy 1.5 - Primer, Asir Vedamuthu et al, W3C Working Draft, June 05, 2007. (See http://www.w3.org/TR/2007/WD-ws-policy-primer-20070605/.)
WS-Policy Guidelines
Web Services Policy 1.5 - Guidelines for Policy Assertion Authors, Asir Vedamuthu et al, W3C Working Draft, March 30, 2007. (See http://www.w3.org/TR/2007/WD-ws-policy-guidelines-20070330/.)
XML Information Set
XML Information Set (Second Edition), J. Cowan and R. Tobin, W3C Recommendation, February 04, 2004, revised October 24. (See http://www.w3.org/TR/2004/REC-xml-infoset-20040204/.)