Web Services ReliableMessaging Policy Assertion (WS-RM Policy)

Committee Draft 04, August 11, 2006

Document identifier:

wsrmp-1.1-spec-cd-04

Location:

http://docs.oasis-open.org/ws-rx/wsrmp/200608/wsrmp-1.1-spec-cd-04.pdf

Editors:

Doug Davis, IBM <dug@us.ibm.com>

Anish Karmarkar, Oracle <Anish.Karmarkar@oracle.com>

Gilbert Pilz, BEA <gpilz@bea.com>

Ümit Yalçinalp, SAP <umit.yalcinalp@sap.com>

Contributors:

See the Acknowledgments (Appendix A).

Abstract:

This specification describes a domain-specific policy assertion for WS-ReliableMessaging [WS-RM] that that can be specified within a policy alternative as defined in WS-Policy Framework [WS-Policy].

By using the XML [XML], SOAP [SOAP 1.1], [SOAP 1.2] and WSDL [WSDL 1.1] extensibility models, the WS* specifications are designed to be composed with each other to provide a rich Web services environment. This by itself does not provide a negotiation solution for Web services. This is a building block that is used in conjunction with other Web service and application-specific protocols to accommodate a wide variety of policy exchange models.

Status:

This document was last revised or approved by the WS-RX on the above date. The level of approval is also listed above. Check the current location noted above for possible later revisions of this document. This document is updated periodically on no particular schedule. Technical Committee members should send comments on this specification to the Technical Committee's email list. Others should send comments to the Technical Committee by using the "Send A Comment" button on the Technical Committee's web page at http://www.oasis-open.org/committees/ws-rx. For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the Technical Committee web page (http://www.oasis-open.org/committees/ws-rx/ipr.php). The non-normative errata page for this specification is located at http://www.oasis-open.org/committees/ws-rx.

Table of Contents

1 Introduction

This specification defines a domain-specific policy assertion for reliable messaging for use with WS-Policy and WS-ReliableMessaging.

1.1 Goals and Requirements

1.1.1 Requirements

1.2 Notational Conventions

The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [KEYWORDS].

This specification uses the following syntax to define normative outlines for messages:

• The syntax appears as an XML instance, but values in italics indicate data types instead of values.

• Characters are appended to elements and attributes to indicate cardinality:

  • "?" (0 or 1)

  • "*" (0 or more)

  • "+" (1 or more)

• The character "|" is used to indicate a choice between alternatives.

• The characters "[" and "]" are used to indicate that contained items are to be treated as a group with respect to cardinality or choice.

• An ellipsis (i.e. "...") indicates a point of extensibility that allows other child, or attribute, content. Additional children and/or attributes MAY be added at the indicated extension points but MUST NOT contradict the semantics of the parent and/or owner, respectively. If an extension is not recognized it SHOULD be ignored.

• XML namespace prefixes (See Section 1.3) are used to indicate the namespace of the element being defined.

Elements and Attributes defined by this specification are referred to in the text of this document using XPath 1.0 [XPATH 1.0] expressions. Extensibility points are referred to using an extended version of this syntax:

• An element extensibility point is referred to using {any} in place of the element name. This indicates that any element name can be used, from any namespace other than the wsrm: namespace.

• An attribute extensibility point is referred to using @{any} in place of the attribute name. This indicates that any attribute name can be used, from any namespace other than the wsrm: namespace.

1.3 Namespace

The XML namespace [XML-ns] URI that MUST be used by implementations of this specification is:

http://docs.oasis-open.org/ws-rx/wsrmp/200608

Dereferencing the above URI will produce the Resource Directory Description Language [RDDL 2.0] document that describes this namespace.

Table 1 lists the XML namespaces that are used in this specification. The choice of any namespace prefix is arbitrary and not semantically significant.

Table 1

1.4 Compliance

An implementation is not compliant with this specification if it fails to satisfy one or more of the MUST or REQUIRED level requirements defined herein. A SOAP Node MUST NOT use the XML namespace identifier for this specification (listed in Section 1.3) within SOAP Envelopes unless it is compliant with this specification.

Normative text within this specification takes precedence over normative outlines, which in turn take precedence over the XML Schema [XML-Schema Part1, XML-Schema Part2] descriptions.

2 RM Policy Assertions

WS-Policy Framework and WS-Policy Attachment [WS-PolicyAttachment] collectively define a framework, model and grammar for expressing the requirements, and general characteristics of entities in an XML Web services-based system. To enable an RM Destination and an RM Source to describe their requirements for a given Sequence, this specification defines a single RM policy assertion that leverages the WS-Policy framework.

2.1 Assertion Model

The RM policy assertion indicates that the RM Source and RM Destination MUST use WS-ReliableMessaging to ensure reliable delivery of messages. Specifically, the WS-ReliableMessaging protocol determines invariants maintained by the reliable messaging endpoints and the directives used to track and manage the delivery of a Sequence of messages.

2.2 Normative Outline

The normative outline for the RM assertion is:

<wsrmp:RMAssertion [wsp:Optional="true"]? ... >

...

</wsrmp:RMAssertion>

The following describes additional, normative constraints on the outline listed above:

/wsrmp:RMAssertion

A policy assertion that specifies that WS-ReliableMessaging protocol MUST be used when sending messages.

/wsrmp:RMAssertion/@wsp:Optional="true"

Per WS-Policy, this is compact notation for two policy alternatives, one with and one without the assertion. The intuition is that the behavior indicated by the assertion is optional, or in this case, that WS-ReliableMessaging MAY be used.

/wsrmp:RMAssertion/{any}

This is an extensibility mechanism to allow different (extensible) types of information, based on a schema, to be passed.

/wsrmp:RMAssertion/@{any}

This is an extensibility mechanism to allow different (extensible) types of information, based on a schema, to be passed.

2.3 Assertion Attachment

The RM policy assertion is allowed to have the following Policy Subjects [WS-PolicyAttachment]:

• Endpoint Policy Subject

• Message Policy Subject

WS-PolicyAttachment defines a set of WSDL/1.1 policy attachment points for each of the above Policy Subjects. Since an RM policy assertion specifies a concrete behavior, it MUST NOT be attached to the abstract WSDL policy attachment points.

The following is the list of WSDL/1.1 elements whose scope contains the Policy Subjects allowed for an RM policy assertion but which MUST NOT have RM policy assertions attached:

• wsdl:message

• wsdl:portType/wsdl:operation/wsdl:input

• wsdl:portType/wsdl:operation/wsdl:output

• wsdl:portType/wsdl:operation/wsdl:fault

• wsdl:portType

The following is the list of WSDL/1.1 elements whose scope contains the Policy Subjects allowed for an RM policy assertion and which MAY have RM policy assertions attached:

• wsdl:port

• wsdl:binding

• wsdl:binding/wsdl:operation/wsdl:input

• wsdl:binding/wsdl:operation/wsdl:output

• wsdl:binding/wsdl:operation/wsdl:fault

If an RM policy assertion is attached to any of:

• wsdl:binding/wsdl:operation/wsdl:input

• wsdl:binding/wsdl:operation/wsdl:output

• wsdl:binding/wsdl:operation/wsdl:fault

then an RM policy assertion, specifying wsp:Optional=true MUST be attached to the corresponding wsdl:binding or wsdl:port, indicating that the endpoint supports WS-RM. Any messages, regardless of whether they have an attached Message Policy Subject RM policy assertion, MAY be sent to that endpoint using WS-RM. Additionally, the receiving endpoint MUST NOT reject any message belonging to a Sequence, simply because there was no Message Policy Subject RM policy assertion attached to that message. There might be certain RM implementations that are incapable of applying RM QoS semantics on a per-message basis. In order to ensure the broadest interoperability, when an endpoint decorates its WSDL with RM policy assertions using Message Policy Subject, it MUST also be prepared to accept that all messages sent to that endpoint might be sent within the context of an RM Sequence, regardless of whether the corresponding wsdl:input, wsdl:output or wsdl:fault had an attached RM policy assertion.

Rather than turn away messages that were unnecessarily sent with RM semantics, the receiving endpoint described by the WSDL MUST accept these messages.

By attaching an RM policy assertion that specifies wsp:Optional="true" to the corresponding endpoint that has attached RM policy assertions at the Message Policy Subject level, the endpoint is describing the above constraint in policy.

In the case where an optional RM Assertion applies to an output message, there is no requirement on the client to support an RM Destination implementation

2.4 Assertion Example

Table 2 lists an example use of the RM policy assertion.

Table 2: Example policy with RM policy assertion

(01)<wsdl:definitions

(02) targetNamespace="example.com"

(03) xmlns:tns="example.com"

(04) xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"

(05) xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"

(06) xmlns:wsrmp="http://docs.oasis-open.org/ws-rx/wsrmp/200608"

(07) xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

(08)

(09) <wsp:UsingPolicy wsdl:required="true" />

(10)

(11) <wsp:Policy wsu:Id="MyPolicy" >

(12) <wsrmp:RMAssertion/>

(13) <!-- omitted assertions -->

(14) </wsp:Policy>

(15)

(16) <!-- omitted elements -->

(17)

(18) <wsdl:binding name="MyBinding" type="tns:MyPortType" >

(19) <wsp:PolicyReference URI="#MyPolicy" />

(20) <!-- omitted elements -->

(21) </wsdl:binding>

(22)

(23)</wsdl:definitions>

Line (09) in Table 2 indicates that WS-Policy is in use as a required extension.

Lines (11-14) are a policy expression that includes a RM policy assertion (Line 12) to indicate that WS-ReliableMessaging must be used.

Lines (18-21) are a WSDL binding. Line (19) indicates that the policy in Lines (11-14) applies to this binding, specifically indicating that WS-ReliableMessaging must be used over all the messages in the binding.

2.5 Sequence Security Policy

WS-SecurityPolicy [SecurityPolicy] provides a framework and grammar for expressing the security requirements and characteristics of entities in a XML web services based system. The following assertions MAY be used in conjunction with WS-SecurityPolicy to express additional security requirements particular to RM Sequences.

2.5.1 Sequence STR Assertion

This assertion defines the requirement that an RM Sequence MUST be bound to an explicit token that is referenced from a wsse:SecurityTokenReference in the CreateSequence message.

This assertion MUST apply to [Endpoint Policy Subject]. This assertion MUST NOT be used for an endpoint that does not also use the RM assertion.

The normative outline for the Sequence STR Assertion is:

<wsrmp:SequenceSTR [wsp:Optional="true"]? ... />

/wsrmp:SequenceSTR

A policy assertion that specifies security requirements which MUST be used with an RM Sequence that are particular to WS-RM and beyond what can be expressed in WS-SecurityPolicy.

/wsrm:SequenceSTR /@wsp:Optional="true"

Per WS-Policy, this is compact notation for two policy alternatives, one with and one without the assertion. The intuition is that the behavior indicated by the assertion is optional, or in this case, that the RM Sequence binding to a specific token MAY be used.

2.5.2 Sequence Transport Security Assertion

This assertion defines the requirement that an RM Sequence MUST be bound to the session(s) of the underlying transport-level security protocol (e.g. SSL/TLS) used to carry the CreateSequence and CreateSequenceResponse messages.

This assertion MUST apply to [Endpoint Policy Subject]. This assertion is effectively meaningless unless it occurs in conjunction with the RMAssertion and a sp:TransportBinding assertion that requires the use of some transport-level security mechanism (e.g. sp:HttpsToken).

The normative outline for the Sequence Transport Security Assertion is:

<wsrmp:SequenceTransportSecurity [wsp:Optional="true"]? ... />

/wsrmp:SequenceTransportSecurity

A policy assertion that specifies that any Sequences targeted to the indicated endpoint MUST be bound to the underlying session(s) of the transport-level security used to carry messages related to the Sequence.

/wsrmp:SequenceTransportSecurity /@wsp:Optional="true"

Per WS-Policy, this is compact notation for two policy alternatives, one with and one without the assertion. The meaning is that the behavior indicated by the assertion is optional, or in this case, that the binding of RM Sequences to transport-level security sessions MAY be used.

3 Security Considerations

It is strongly RECOMMENDED that policies and assertions be signed to prevent tampering.

It is RECOMMENED that policies SHOULD NOT be accepted unless they are signed and have an associated security token to specify the signer has proper claims for the given policy. That is, a relying party shouldn't rely on a policy unless the policy is signed and presented with sufficient claims to pass the relying parties acceptance criteria.

It should be noted that the mechanisms described in this document could be secured as part of a SOAP message using WS-Security [WS-Security] or embedded within other objects using object-specific security mechanisms.

4 References

4.1 Normative

[KEYWORDS]

S. Bradner, "Key words for use in RFCs to Indicate Requirement Levels," RFC 2119, Harvard University, March 1997.

[SOAP 1.1]

W3C Note, "SOAP: Simple Object Access Protocol 1.1" 08 May 2000.

[SOAP 1.2]

W3C Recommendation, "SOAP Version 1.2 Part 1: Messaging Framework" June 2003.

[URI]

T. Berners-Lee, R. Fielding, L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax," RFC 3986, MIT/LCS, U.C. Irvine, Xerox Corporation, January 2005.

[WS-RM]

OASIS WS-RX Technical Committee Draft, "Web Services Reliable Messaging (WS-ReliableMessaging)," September 2005.

[WS-Policy]

W3C Member Submission, "Web Services Policy Framework (WS-Policy)," April 2006.

[WS-PolicyAttachment]

W3C Member Submission, "Web Services Policy Attachment (WS-PolicyAttachment)," April 2006.

[WSDL 1.1]

W3C Note, "Web Services Description Language (WSDL 1.1)," 15 March 2001.

[XML]

W3C Recommendation, "Extensible Markup Language (XML) 1.0 (Second Edition)", October 2000.

[XML-ns]

W3C Recommendation, "Namespaces in XML," 14 January 1999.

[XML-Schema Part1]

W3C Recommendation, "XML Schema Part 1: Structures," 2 May 2001.

[XML-Schema Part2]

W3C Recommendation, "XML Schema Part 2: Datatypes," 2 May 2001.

[XPATH 1.0]

W3C Recommendation, "XML Path Language (XPath) Version 1.0," 16 November 1999.

4.2 Non Normative

[RDDL 2.0]

Johnathan Borden, Tim Bray, eds. “Resource Directory Description Language (RDDL) 2.0,” January 2004

[SecurityPolicy]

G. Della-Libra, et. al. "Web Services Security Policy Language (WS-SecurityPolicy)", July 2005

[WS-Security]

Anthony Nadalin, Chris Kaler, Phillip Hallam-Baker, Ronald Monzillo, eds. "OASIS Web Services Security: SOAP Message Security 1.0 (WS-Security 2004)", OASIS Standard 200401, March 2004.

Anthony Nadalin, Chris Kaler, Phillip Hallam-Baker, Ronald Monzillo, eds. "OASIS Web Services Security: SOAP Message Security 1.1 (WS-Security 2004)", OASIS Standard 200602, February 2006.

Appendix A. Acknowledgments

Appendix B. XML Schema

A normative copy of the XML Schema [XML-Schema Part1, XML-Schema Part2] description for this specification may be retrieved from the following address:

http://docs.oasis-open.org/ws-rx/wsrmp/200608/wsrmp-1.1-schema-200608.xsd

The following copy is provided for reference.

<?xml version="1.0" encoding="UTF-8"?>
<!--
OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification, can be obtained from the OASIS Executive Director.
OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
Copyright (c) OASIS Open 2002-2006. All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself does not be modified in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications, in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-->
<xs:schema xmlns:tns="http://docs.oasis-open.org/ws-rx/wsrmp/200608" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://docs.oasis-open.org/ws-rx/wsrmp/200608" elementFormDefault="qualified" attributeFormDefault="unqualified">
<xs:element name="RMAssertion">

<xs:complexType>

<xs:sequence>

<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccur

</xs:sequence>

<xs:anyAttribute namespace="##any" processContents="lax"/>

</xs:complexType>

</xs:element>

<xs:element name="SequenceSTR">

<xs:complexType>

<xs:sequence/>

<xs:anyAttribute namespace="##any" processContents="lax"/>

</xs:complexType>

</xs:element>

<xs:element name="SequenceTransportSecurity">

<xs:complexType>

<xs:sequence/>

<xs:anyAttribute namespace="##any" processContents="lax"/>

</xs:complexType>

</xs:element>
</xs:schema>

Appendix C. Revision History

Appendix D. Notices