Paul Fremantle <firstname.lastname@example.org>
Sanjay Patil <email@example.com>
Doug Davis, IBM <firstname.lastname@example.org>
Anish Karmarkar, Oracle <Anish.Karmarkar@oracle.com>
Gilbert Pilz, BEA <email@example.com>
Ümit Yalçinalp, SAP <firstname.lastname@example.org>
This specification replaces or supercedes:
Declared XML Namespaces:
By using the XML [XML], SOAP [SOAP 1.1], [SOAP 1.2] and WSDL [WSDL 1.1] extensibility models, the WS* specifications are designed to be composed with each other to provide a rich Web services environment. This by itself does not provide a negotiation solution for Web services. This is a building block that is used in conjunction with other Web service and application-specific protocols to accommodate a wide variety of policy exchange models.
This document was last revised or approved by the WS-RX Technical Committee on the above date. The level of approval is also listed above. Check the "Latest Version" or "Latest Approved Version" location noted above for possible later revisions of this document.
Technical Committee members should send comments on this specification to the Technical Committee's email list. Others should send comments to the Technical Committee by using the "Send A Comment" button on the Technical Committee's web page at http://www.oasis-open.org/committees/ws-rx/.
For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the Technical Committee web page (http://www.oasis-open.org/committees/ws-rx/ipr.php).
The non-normative errata page for this specification is located at http://www.oasis-open.org/committees/ws-rx/.
Copyright © OASIS® 1993–2008. All Rights Reserved.
All capitalized terms in the following text have the meanings assigned to them in the OASIS Intellectual Property Rights Policy (the "OASIS IPR Policy"). The full Policy may be found at the OASIS website.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published, and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this section are included on all such copies and derivative works. However, this document itself may not be modified in any way, including by removing the copyright notice or references to OASIS, except as needed for the purpose of developing any document or deliverable produced by an OASIS Technical Committee (in which case the rules applicable to copyrights, as set forth in the OASIS IPR Policy, must be followed) or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
OASIS requests that any OASIS Party or any other party that believes it has patent claims that would necessarily be infringed by implementations of this OASIS Committee Specification or OASIS Standard, to notify OASIS TC Administrator and provide an indication of its willingness to grant patent licenses to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification.
OASIS invites any party to contact the OASIS TC Administrator if it is aware of a claim of ownership of any patent claims that would necessarily be infringed by implementations of this specification by a patent holder that is not willing to provide a license to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification. OASIS may include such claims on its website, but disclaims any obligation to do so.
OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS' procedures with respect to rights in any document or deliverable produced by an OASIS Technical Committee can be found on the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this OASIS Committee Specification or OASIS Standard, can be obtained from the OASIS TC Administrator. OASIS makes no representation that any information or list of intellectual property rights will at any time be complete, or that any claims in such list are, in fact, Essential Claims.
The name "OASIS", WS-ReliableMessaging Policy, WS-ReliableMessaging, WSRMP, WSRM, WS-RX are trademarks of OASIS, the owner and developer of this specification, and should be used only to refer to the organization and its official outputs. OASIS welcomes reference to, and implementation and use of, specifications, while reserving the right to enforce its marks against misleading uses. Please see http://www.oasis-open.org/who/trademark.php for above guidance.
This specification defines a domain-specific policy assertion for reliable messaging for use with WS-Policy and WS-ReliableMessaging.
This specification uses the following syntax to define normative outlines for messages:
Elements and Attributes defined by this specification are referred to in the text of this document using XPath 1.0 [XPATH 1.0] expressions. Extensibility points are referred to using an extended version of this syntax:
Bradner, "Key words for use
in RFCs to Indicate Requirement Levels," RFC 2119, Harvard University, March 1997.
[SOAP 1.2] W3C Recommendation, "SOAP Version 1.2
Part 1: Messaging Framework" June 2003.
Berners-Lee, R. Fielding, L. Masinter, "Uniform
Resource Identifiers (URI): Generic Syntax," RFC 3986, MIT/LCS,
U.C. Irvine, Xerox Corporation, January 2005.
Committee Specification 02, "Web Services
Reliable Messaging (WS-ReliableMessaging)," November 2008.
Markup Language (XML) 1.0 (Fourth Edition)", September 2006.
[RDDL 2.0] Jonathan
Borden, Tim Bray, eds. “Resource Directory
Description Language (RDDL) 2.0,” January 2004
[SecurityPolicy] OASIS Committee
Specification 01, "WS-SecurityPolicy
1.3", November 2008
[WS-PolicyAttachment] W3C Recommendation, "Web Services
Policy 1.5 - Attachment," September 2007.
Nadalin, Chris Kaler, Phillip Hallam-Baker, Ronald Monzillo, eds. "", OASIS Standard 200401, March 2004.
Anthony Nadalin, Chris Kaler, Phillip Hallam-Baker, Ronald Monzillo, eds. "OASIS Web Services Security: SOAP Message Security 1.1 (WS-Security 2004)", OASIS Standard 200602, February 2006.
Dereferencing the above URI will produce the Resource Directory Description Language [RDDL 2.0] document that describes this namespace.
Table 1 lists the XML namespaces that are used in this specification. The choice of any namespace prefix is arbitrary and not semantically significant.
All sections explicitly noted as examples are informational and are not to be considered normative.
An implementation is not compliant with this specification if it fails to satisfy one or more of the MUST or REQUIRED level requirements defined herein. A SOAP Node MUST NOT use the XML namespace identifier for this specification (listed in section 1.4) within SOAP Envelopes unless it is compliant with this specification.
Normative text within this specification takes precedence over normative outlines, which in turn take precedence over the XML Schema [XML-Schema Part1, ] descriptions.
WS-Policy Framework and WS-Policy Attachment [WS-PolicyAttachment] collectively define a framework, model and grammar for expressing the requirements, and general characteristics of entities in an XML Web services-based system. To enable an RM Destination and an RM Source to describe their requirements for a given Sequence, this specification defines a single RM policy assertion that leverages the WS-Policy framework.
The RM policy assertion indicates that the RM Source and RM Destination MUST use WS-ReliableMessaging to ensure reliable delivery of messages. Specifically, the WS-ReliableMessaging protocol determines invariants maintained by the reliable messaging endpoints and the directives used to track and manage the delivery of a Sequence of messages.
The normative outline for the RM assertion is:
The following describes the content model of the RMAssertion element.
A policy assertion that specifies that WS-ReliableMessaging protocol MUST be used when sending messages.
Per WS-Policy, this is compact notation for two policy alternatives, one with and one without the assertion. The intuition is that the behavior indicated by the assertion is optional, or in this case, that WS-ReliableMessaging MAY be used.
This required element allows for the inclusion of nested policy assertions.
When present, this assertion defines the requirement that an RM Sequence MUST be bound to an explicit token that is referenced from a wsse:SecurityTokenReference in the CreateSequence message. See section 2.5.1.
When present, this assertion defines the requirement that an RM Sequence MUST be bound to the session(s) of the underlying transport-level protocol used to carry the CreateSequence and CreateSequenceResponse message. When present, this assertion MUST be used in conjunction with the sp:TransportBinding assertion, see section 2.5.2.
This expression, which may be
omitted, describes the message delivery quality of service between the RM and
application layer. When used by an RM Destination it expresses the delivery
assurance in effect between the RM Destination and its corresponding
application destination, and it also indicates requirements on any RM Source
that transmits messages to this RM destination. Conversely when used by an RM
Source it expresses the delivery assurance in effect between the RM Source and
its corresponding application source, as well as indicating requirements on any
RM Destination that receives messages from this RM Source. In either case the
delivery assurance does not affect the messages transmitted on the wire.
Absence of this expression from a wsrmp:RMAssertion policy assertion
simply means that the endpoint has chosen not to advertise its delivery
Note that when there are multiple policy alternatives of the RM Assertion, the Delivery Assurance on each MUST NOT conflict.
This required element identifies additional requirements for the use of the wsrmp:DeliveryAssurance.
This expresses the ExactlyOnce Delivery Assurance defined in [WS-RM].
This expresses the AtLeastOnce Delivery Assurance defined in [WS-RM].
This expresses the AtMostOnce Delivery Assurance defined in [WS-RM].
This expresses the InOrder Delivery Assurance defined in [WS-RM].
This is an extensibility mechanism to allow different (extensible) types of information, based on a schema, to be passed.
This is an extensibility mechanism to allow different (extensible) types of information, based on a schema, to be passed.
The RM policy assertion is allowed to have the following Policy Subjects [WS-PolicyAttachment]:
WS-PolicyAttachment defines a set of WSDL/1.1 policy attachment points for each of the above Policy Subjects. Since an RM policy assertion specifies a concrete behavior, it MUST NOT be attached to the abstract WSDL policy attachment points.
The following is the list of WSDL/1.1 elements whose scope contains the Policy Subjects allowed for an RM policy assertion but which MUST NOT have RM policy assertions attached:
The following is the list of WSDL/1.1 elements whose scope contains the Policy Subjects allowed for an RM policy assertion and which MAY have RM policy assertions attached:
If an RM policy assertion is attached to any of:
then an RM policy assertion, specifying wsp:Optional=”true” MUST be attached to the corresponding wsdl:binding or wsdl:port, indicating that the endpoint supports WS-RM. Any messages, regardless of whether they have an attached Message Policy Subject RM policy assertion, MAY be sent to that endpoint using WS-RM. Additionally, the receiving endpoint MUST NOT reject any message belonging to a Sequence, simply because there was no Message Policy Subject RM policy assertion attached to that message. There might be certain RM implementations that are incapable of applying RM Quality of Service (QoS) semantics on a per-message basis. In order to ensure the broadest interoperability, when an endpoint decorates its WSDL with RM policy assertions using Message Policy Subject, it MUST also be prepared to accept that all messages sent to that endpoint might be sent within the context of an RM Sequence, regardless of whether the corresponding wsdl:input, wsdl:output or wsdl:fault had an attached RM policy assertion.
Rather than turn away messages that were unnecessarily sent with RM semantics, the receiving endpoint described by the WSDL MUST accept these messages.
By attaching an RM policy assertion that specifies wsp:Optional="true" to the corresponding endpoint that has attached RM policy assertions at the Message Policy Subject level, the endpoint is describing the above constraint in policy.
In the case where an optional RM Assertion applies to an output message, there is no requirement on the client to support an RM Destination implementation
Table 2 lists an example use of the RM policy assertion.
Line (09) in Table 2 indicates that WS-Policy is in use as a required extension.
Lines (11-16) are a policy expression that includes a RM policy assertion (lines 12-14) to indicate that WS-ReliableMessaging must be used.
Lines (20-23) are a WSDL binding. Line (21) indicates that the policy in lines (11-16) applies to this binding, specifically indicating that WS-ReliableMessaging must be used over all the messages in the binding.
WS-SecurityPolicy [SecurityPolicy] provides a framework and grammar for expressing the security requirements and characteristics of entities in a XML web services based system. The following assertions MAY be used in conjunction with WS-SecurityPolicy to express additional security requirements particular to RM Sequences.
This version of the RM assertion includes the requirement that an RM Sequence MUST be bound to an explicit token that is referenced from a wsse:SecurityTokenReference in the CreateSequence message.
This assertion MUST apply to [Endpoint Policy Subject]. The normative outline for this form of the Sequence STR Assertion is:
The following describes the content model of the SequenceSTR element.
A policy assertion that specifies security requirements which MUST be used with an RM Sequence that are particular to WS-RM and beyond what can be expressed in WS-SecurityPolicy.
This version of the RM assertion includes the requirement that an RM Sequence MUST be bound to the session(s) of the underlying transport-level security protocol (e.g. SSL/TLS) used to carry the CreateSequence and CreateSequenceResponse messages.
This assertion MUST apply to [Endpoint Policy Subject]. This assertion MUST be used in conjunction with the sp:TransportBinding assertion that requires the use of some transport-level security mechanism (e.g. sp:HttpsToken).
The normative outline for this form of the RM Assertion with the Sequence Transport Security Assertion is:
The following describes the content model of the SequenceTransportSecurity element.
A policy assertion that specifies that any Sequences targeted to the indicated endpoint MUST be bound to the underlying session(s) of the transport-level security used to carry messages related to the Sequence.
This form of the RM Assertion says that an endpoint MAY have RM as an option but always requires HTTPS to be used. All the SequenceTransportSecurity assertion indicates is that RM's rules for protecting the Sequence over TLS are followed.
It is strongly RECOMMENDED that policies and assertions be signed to prevent tampering.
It is RECOMMENED that policies SHOULD NOT be accepted unless they are signed and have an associated security token to specify the signer has proper claims for the given policy. That is, a relying party shouldn't rely on a policy unless the policy is signed and presented with sufficient claims to pass the relying parties acceptance criteria.
It should be noted that the mechanisms described in this document could be secured as part of a SOAP message using WS-Security [WS-Security] or embedded within other objects using object-specific security mechanisms.
The following copy is provided for reference.
This document is based on initial contribution to OASIS WS-RX Technical Committee by the following authors:
Stefan Batres-Editor, Microsoft
Ruslan Bilorusets, BEA
Don Box, Microsoft
Luis Felipe Cabrera, Microsoft
Derek Collison, TIBCO Software
Donald Ferguson, IBM
Christopher Ferris, IBM
Tom Freund, IBM
Mary Ann Hondo, IBM
John Ibbotson, IBM
Lei Jin, BEA
Chris Kaler, Microsoft
David Langworthy, Microsoft
Amelia Lewis, TIBCO Software
Rodney Limprecht, Microsoft
Steve Lucco, Microsoft
Don Mullen, TIBCO Software
Anthony Nadalin, IBM
Mark Nottingham, BEA
David Orchard, BEA
Shivajee Samdarshi, TIBCO Software
John Shewchuk, Microsoft
Tony Storey, IBM
The following individuals have provided invaluable input into the initial contribution:
Keith Ballinger, Microsoft
Allen Brown, Microsoft
Michael Conner, IBM
Francisco Curbera, IBM
Steve Graham, IBM
Pat Helland, Microsoft
Rick Hill, Microsoft
Scott Hinkelman, IBM
Tim Holloway, IBM
Efim Hudis, Microsoft
Johannes Klein, Microsoft
Frank Leymann, IBM
Martin Nally, IBM
Peter Niblett, IBM
Jeffrey Schlimmer, Microsoft
Chris Sharp, IBM
James Snell, IBM
Keith Stobie, Microsoft
Satish Thatte, Microsoft
Stephen Todd, IBM
Sanjiva Weerawarana, IBM
Roger Wolter, Microsoft
The following individuals were members of the committee during the development of this specification:
Abbie Barbir, Nortel
Charlton Barreto, Adobe
Stefan Batres, Microsoft
Hamid Ben Malek, Fujitsu
Andreas Bjarlestam, Ericsson
Toufic Boubez, Layer 7
Doug Bunting, Sun
Lloyd Burch, Novell
Steve Carter, Novell
Martin Chapman, Oracle
Dave Chappell, Sonic
Paul Cotton, Microsoft
Glen Daniels, Sonic
Doug Davis, IBM
Blake Dournaee, Intel
Jacques Durand, Fujitsu
Colleen Evans, Microsoft
Christopher Ferris, IBM
Paul Fremantle, WSO2
Robert Freund, Hitachi
Peter Furniss, Erebor
Marc Goodner, Microsoft
Alastair Green, Choreology
Mike Grogan, Sun
Ondrej Hrebicek, Microsoft
Kazunori Iwasa, Fujitsu
Chamikara Jayalath, WSO2
Lei Jin, BEA
Ian Jones, BTplc
Anish Karmarkar, Oracle
Paul Knight, Nortel
Dan Leshchiner, Tibco
Mark Little, JBoss
Lily Liu, webMethods
Matt Lovett, IBM
Ashok Malhotra, Oracle
Jonathan Marsh, Microsoft
Daniel Millwood, IBM
Jeff Mischkinsky, Oracle
Nilo Mitra, Ericsson
Peter Niblett, IBM
Duane Nickull, Adobe
Eisaku Nishiyama, Hitachi
Dave Orchard, BEA
Chouthri Palanisamy, NEC
Sanjay Patil, SAP
Gilbert Pilz, BEA
Martin Raepple, SAP
Eric Rajkovic, Oracle
Stefan Rossmanith, SAP
Tom Rutt, Fujitsu
Rich Salz, IBM
Shivajee Samdarshi, Tibco
Vladimir Videlov, SAP
Claus von Riegen, SAP
Pete Wenzel, Sun
Steve Winkler, SAP
Ümit Yalçinalp, SAP
Nobuyuki Yamamoto, Hitachi