Web Services Reliable Messaging Policy Assertion (WS-RM Policy) Version 1.2

OASIS Standard

2 February 2009

Specification URIs:

This Version:



http://docs.oasis-open.org/ws-rx/wsrmp/200702/wsrmp-1.2-spec-os.doc (Authoritative)

Previous Version:



http://docs.oasis-open.org/ws-rx/wsrmp/200702/wsrmp-1.2-spec-cs-02.doc (Authoritative)

Latest Version:




Technical Committee:

OASIS Web Services Reliable Exchange (WS-RX) TC


Paul Fremantle <paul@wso2.com>

Sanjay Patil <sanjay.patil@sap.com>


Doug Davis, IBM <dug@us.ibm.com>

Anish Karmarkar, Oracle <Anish.Karmarkar@oracle.com>

Gilbert Pilz, BEA <gpilz@bea.com>

Ümit Yalçinalp, SAP <umit.yalcinalp@sap.com>

Related Work:

This specification replaces or supercedes:

·         WS-ReliableMessaging Policy v1.1

Declared XML Namespaces:



This specification describes a domain-specific policy assertion for WS-ReliableMessaging [WS-RM] that that can be specified within a policy alternative as defined in WS-Policy Framework [WS-Policy].

By using the XML [XML], SOAP [SOAP 1.1], [SOAP 1.2] and WSDL [WSDL 1.1] extensibility models, the WS* specifications are designed to be composed with each other to provide a rich Web services environment. This by itself does not provide a negotiation solution for Web services. This is a building block that is used in conjunction with other Web service and application-specific protocols to accommodate a wide variety of policy exchange models.


This document was last revised or approved by the WS-RX Technical Committee on the above date. The level of approval is also listed above. Check the "Latest Version" or "Latest Approved Version" location noted above for possible later revisions of this document.

Technical Committee members should send comments on this specification to the Technical Committee's email list. Others should send comments to the Technical Committee by using the "Send A Comment" button on the Technical Committee's web page at http://www.oasis-open.org/committees/ws-rx/.

For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the Technical Committee web page (http://www.oasis-open.org/committees/ws-rx/ipr.php).

The non-normative errata page for this specification is located at http://www.oasis-open.org/committees/ws-rx/.


Copyright © OASIS® 1993–2009. All Rights Reserved.

All capitalized terms in the following text have the meanings assigned to them in the OASIS Intellectual Property Rights Policy (the "OASIS IPR Policy"). The full Policy may be found at the OASIS website.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published, and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this section are included on all such copies and derivative works. However, this document itself may not be modified in any way, including by removing the copyright notice or references to OASIS, except as needed for the purpose of developing any document or deliverable produced by an OASIS Technical Committee (in which case the rules applicable to copyrights, as set forth in the OASIS IPR Policy, must be followed) or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.


OASIS requests that any OASIS Party or any other party that believes it has patent claims that would necessarily be infringed by implementations of this OASIS Committee Specification or OASIS Standard, to notify OASIS TC Administrator and provide an indication of its willingness to grant patent licenses to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification.

OASIS invites any party to contact the OASIS TC Administrator if it is aware of a claim of ownership of any patent claims that would necessarily be infringed by implementations of this specification by a patent holder that is not willing to provide a license to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification. OASIS may include such claims on its website, but disclaims any obligation to do so.

OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS' procedures with respect to rights in any document or deliverable produced by an OASIS Technical Committee can be found on the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this OASIS Committee Specification or OASIS Standard, can be obtained from the OASIS TC Administrator. OASIS makes no representation that any information or list of intellectual property rights will at any time be complete, or that any claims in such list are, in fact, Essential Claims.

The name "OASIS", WS-ReliableMessaging Policy, WS-ReliableMessaging, WSRMP, WSRM, WS-RX are trademarks of OASIS, the owner and developer of this specification, and should be used only to refer to the organization and its official outputs. OASIS welcomes reference to, and implementation and use of, specifications, while reserving the right to enforce its marks against misleading uses. Please see http://www.oasis-open.org/who/trademark.php for above guidance.

Table of Contents

1      Introduction. 5

1.1 Terminology. 5

1.2 Normative. 5

1.3 Non Normative. 6

1.4 Namespace. 7

1.5 Conformance. 7

2      RM Policy Assertions. 8

2.1 Assertion Model 8

2.2 Normative Outline. 8

2.3 Assertion Attachment 9

2.4 Assertion Example. 11

2.5 Sequence Security Policy. 11

3      Security Considerations. 13

Appendix A. Schema. 14

Appendix B. Acknowledgments. 16


1    Introduction

This specification defines a domain-specific policy assertion for reliable messaging for use with WS-Policy and WS-ReliableMessaging.

1.1 Terminology

The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [KEYWORDS].

This specification uses the following syntax to define normative outlines for messages:

Elements and Attributes defined by this specification are referred to in the text of this document using XPath 1.0 [XPATH 1.0] expressions. Extensibility points are referred to using an extended version of this syntax:

1.2 Normative

[KEYWORDS]         S. Bradner, "Key words for use in RFCs to Indicate Requirement Levels," RFC 2119, Harvard University, March 1997.

[SOAP 1.1]             W3C Note, "SOAP: Simple Object Access Protocol 1.1" 08 May 2000.

[SOAP 1.2]             W3C Recommendation, "SOAP Version 1.2 Part 1: Messaging Framework" June 2003.

[URI]                       T. Berners-Lee, R. Fielding, L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax," RFC 3986, MIT/LCS, U.C. Irvine, Xerox Corporation, January 2005.

[WS-RM]                 OASIS Standard, "Web Services Reliable Messaging (WS-ReliableMessaging)," February 2009.

[WSDL 1.1]             W3C Note, "Web Services Description Language (WSDL 1.1)," 15 March 2001.

[XML]                     W3C Recommendation, "Extensible Markup Language (XML) 1.0 (Fourth Edition)", September 2006.

[XML-ns]                W3C Recommendation, "Namespaces in XML," 14 January 1999.

[XML-Schema Part1]          W3C Recommendation, "XML Schema Part 1: Structures," October 2004.

[XML-Schema Part2]          W3C Recommendation, "XML Schema Part 2: Datatypes," October 2004.

[XPATH 1.0]            W3C Recommendation, "XML Path Language (XPath) Version 1.0," 16 November 1999.

1.3 Non Normative

[RDDL 2.0]              Jonathan Borden, Tim Bray, eds. “Resource Directory Description Language (RDDL) 2.0,” January 2004

[SecurityPolicy]      OASIS Standard, "WS-SecurityPolicy 1.3", February 2009

[WS-Policy]            W3C Recommendation, "Web Services Policy 1.5 - Framework," September 2007.

[WS-PolicyAttachment]      W3C Recommendation, "Web Services Policy 1.5 - Attachment," September 2007.

[WS-Security]         Anthony Nadalin, Chris Kaler, Phillip Hallam-Baker, Ronald Monzillo, eds. "OASIS Web Services Security: SOAP Message Security 1.0 (WS-Security 2004)",  OASIS Standard 200401, March 2004.

Anthony Nadalin, Chris Kaler, Phillip Hallam-Baker, Ronald Monzillo, eds. "OASIS Web Services Security: SOAP Message Security 1.1 (WS-Security 2004)", OASIS Standard 200602, February 2006.

1.4 Namespace

The XML namespace [XML-ns] URI that MUST be used by implementations of this specification is:


Dereferencing the above URI will produce the Resource Directory Description Language [RDDL 2.0] document that describes this namespace.

Table 1 lists the XML namespaces that are used in this specification. The choice of any namespace prefix is arbitrary and not semantically significant.

Table 1






[WSDL 1.1]



WS-Policy 1.5



This specification.



WS-Security-Utility Schema

The normative schema for WS-ReliableMessaging can be found linked from the namespace document that is located at the namespace URI specified above.

All sections explicitly noted as examples are informational and are not to be considered normative.

1.5 Conformance

An implementation is not compliant with this specification if it fails to satisfy one or more of the MUST or REQUIRED level requirements defined herein. A SOAP Node MUST NOT use the XML namespace identifier for this specification (listed in section 1.4) within SOAP Envelopes unless it is compliant with this specification.

Normative text within this specification takes precedence over normative outlines, which in turn take precedence over the XML Schema [XML-Schema Part1, XML-Schema Part2] descriptions.

2      RM Policy Assertions

WS-Policy Framework and WS-Policy Attachment [WS-PolicyAttachment] collectively define a framework, model and grammar for expressing the requirements, and general characteristics of entities in an XML Web services-based system. To enable an RM Destination and an RM Source to describe their requirements for a given Sequence, this specification defines a single RM policy assertion that leverages the WS-Policy framework.

2.1 Assertion Model

The RM policy assertion indicates that the RM Source and RM Destination MUST use WS-ReliableMessaging to ensure reliable delivery of messages. Specifically, the WS-ReliableMessaging protocol determines invariants maintained by the reliable messaging endpoints and the directives used to track and manage the delivery of a Sequence of messages.

2.2 Normative Outline

The normative outline for the RM assertion is:

<wsrmp:RMAssertion [wsp:Optional="true"]? ... >


    [ <wsrmp:SequenceSTR/> |

      <wsrmp:SequenceTransportSecurity/> ] ?



        [ <wsrmp:ExactlyOnce/> |

          <wsrmp:AtLeastOnce/> |

          <wsrmp:AtMostOnce/> ]

        <wsrmp:InOrder/> ?


    </wsrmp:DeliveryAssurance> ?




The following describes the content model of the RMAssertion element.


A policy assertion that specifies that WS-ReliableMessaging protocol MUST be used when sending messages.


Per WS-Policy, this is compact notation for two policy alternatives, one with and one without the assertion. The intuition is that the behavior indicated by the assertion is optional, or in this case, that WS-ReliableMessaging MAY be used.


This required element allows for the inclusion of nested policy assertions.


When present, this assertion defines the requirement that an RM Sequence MUST be bound to an explicit token that is referenced from a wsse:SecurityTokenReference in the CreateSequence message. See section 2.5.1.


When present, this assertion defines the requirement that an RM Sequence MUST be bound to the session(s) of the underlying transport-level protocol used to carry the CreateSequence and CreateSequenceResponse message. When present, this assertion MUST be used in conjunction with the sp:TransportBinding assertion, see section 2.5.2.


This expression, which may be omitted, describes the message delivery quality of service between the RM and application layer. When used by an RM Destination it expresses the delivery assurance in effect between the RM Destination and its corresponding application destination, and it also indicates requirements on any RM Source that transmits messages to this RM destination. Conversely when used by an RM Source it expresses the delivery assurance in effect between the RM Source and its corresponding application source, as well as indicating requirements on any RM Destination that receives messages from this RM Source. In either case the delivery assurance does not affect the messages transmitted on the wire. Absence of this expression from a wsrmp:RMAssertion policy assertion simply means that the endpoint has chosen not to advertise its delivery assurance characteristics.
Note that when there are multiple policy alternatives of the RM Assertion, the Delivery Assurance on each MUST NOT conflict.


This required element identifies additional requirements for the use of the wsrmp:DeliveryAssurance.


This expresses the ExactlyOnce Delivery Assurance defined in [WS-RM].


This expresses the AtLeastOnce Delivery Assurance defined in [WS-RM].


This expresses the AtMostOnce Delivery Assurance defined in [WS-RM].


This expresses the InOrder Delivery Assurance defined in [WS-RM].


This is an extensibility mechanism to allow different (extensible) types of information, based on a schema, to be passed.


This is an extensibility mechanism to allow different (extensible) types of information, based on a schema, to be passed.

2.3 Assertion Attachment

The RM policy assertion is allowed to have the following Policy Subjects [WS-PolicyAttachment]:

WS-PolicyAttachment defines a set of WSDL/1.1 policy attachment points for each of the above Policy Subjects. Since an RM policy assertion specifies a concrete behavior, it MUST NOT be attached to the abstract WSDL policy attachment points.

The following is the list of WSDL/1.1 elements whose scope contains the Policy Subjects allowed for an RM policy assertion but which MUST NOT have RM policy assertions attached:

The following is the list of WSDL/1.1 elements whose scope contains the Policy Subjects allowed for an RM policy assertion and which MAY have RM policy assertions attached:

If an RM policy assertion is attached to any of:

then an RM policy assertion, specifying wsp:Optional=”true” MUST be attached to the corresponding wsdl:binding or wsdl:port, indicating that the endpoint supports WS-RM. Any messages, regardless of whether they have an attached Message Policy Subject RM policy assertion, MAY be sent to that endpoint using WS-RM. Additionally, the receiving endpoint MUST NOT reject any message belonging to a Sequence, simply because there was no Message Policy Subject RM policy assertion attached to that message. There might be certain RM implementations that are incapable of applying RM Quality of Service (QoS) semantics on a per-message basis. In order to ensure the broadest interoperability, when an endpoint decorates its WSDL with RM policy assertions using Message Policy Subject, it MUST also be prepared to accept that all messages sent to that endpoint might be sent within the context of an RM Sequence, regardless of whether the corresponding wsdl:input, wsdl:output or wsdl:fault had an attached RM policy assertion.

Rather than turn away messages that were unnecessarily sent with RM semantics, the receiving endpoint described by the WSDL MUST accept these messages.

By attaching an RM policy assertion that specifies wsp:Optional="true" to the corresponding endpoint that has attached RM policy assertions at the Message Policy Subject level, the endpoint is describing the above constraint in policy.

In the case where an optional RM Assertion applies to an output message, there is no requirement on the client to support an RM Destination implementation

2.4 Assertion Example

Table 2 lists an example use of the RM policy assertion.

Table 2: Example policy with RM policy assertion


(02)    targetNamespace="example.com"

(03)    xmlns:tns="example.com"

(04)    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"

(05)    xmlns:wsp="http://www.w3.org/ns/ws-policy"

(06)    xmlns:wsrmp="http://docs.oasis-open.org/ws-rx/wsrmp/200702"

(07)    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">


(09) <wsp:UsingPolicy wsdl:required="true" />


(11) <wsp:Policy wsu:Id="MyPolicy" >

(12)   <wsrmp:RMAssertion>

(13)     <wsp:Policy/>

(14)   </wsrmp:RMAssertion>

(15)   <!-- omitted assertions -->

(16) </wsp:Policy>


(18) <!-- omitted elements -->


(20) <wsdl:binding name="MyBinding" type="tns:MyPortType" >

(21)   <wsp:PolicyReference URI="#MyPolicy" />

(22)   <!-- omitted elements -->

(23) </wsdl:binding>



Line (09) in Table 2 indicates that WS-Policy is in use as a required extension.

Lines (11-16) are a policy expression that includes a RM policy assertion (lines 12-14) to indicate that WS-ReliableMessaging must be used.

Lines (20-23) are a WSDL binding. Line (21) indicates that the policy in lines (11-16) applies to this binding, specifically indicating that WS-ReliableMessaging must be used over all the messages in the binding.

2.5 Sequence Security Policy

WS-SecurityPolicy [SecurityPolicy] provides a framework and grammar for expressing the security requirements and characteristics of entities in a XML web services based system. The following assertions MAY be used in conjunction with WS-SecurityPolicy to express additional security requirements particular to RM Sequences.

2.5.1 RM Assertion with Sequence STR Assertion

This version of the RM assertion includes the requirement that an RM Sequence MUST be bound to an explicit token that is referenced from a wsse:SecurityTokenReference in the CreateSequence message.

This assertion MUST apply to [Endpoint Policy Subject]. The normative outline for this form of the Sequence STR Assertion is:

<wsrmp:RMAssertion [wsp:Optional="true"]? ...>





The following describes the content model of the SequenceSTR element.


A policy assertion that specifies security requirements which MUST be used with an RM Sequence that are particular to WS-RM and beyond what can be expressed in WS-SecurityPolicy.

2.5.2 RM Assertion with Sequence Transport Security Assertion

This version of the RM assertion includes the requirement that an RM Sequence MUST be bound to the session(s) of the underlying transport-level security protocol (e.g. SSL/TLS) used to carry the CreateSequence and CreateSequenceResponse messages.

This assertion MUST apply to [Endpoint Policy Subject]. This assertion MUST be used in conjunction with the sp:TransportBinding assertion that requires the use of some transport-level security mechanism (e.g. sp:HttpsToken).

The normative outline for this form of the RM Assertion with the Sequence Transport Security Assertion is:




      <wsrm:RMAssertion [wsp:Optional="true"]> ...>





      <sp:TransportBinding ...>






The following describes the content model of the SequenceTransportSecurity element.


A policy assertion that specifies that any Sequences targeted to the indicated endpoint MUST be bound to the underlying session(s) of the transport-level security used to carry messages related to the Sequence.

This form of the RM Assertion says that an endpoint MAY have RM as an option but always requires HTTPS to be used. All the SequenceTransportSecurity assertion indicates is that RM's rules for protecting the Sequence over TLS are followed.

3      Security Considerations

It is strongly RECOMMENDED that policies and assertions be signed to prevent tampering.

It is RECOMMENED that policies SHOULD NOT be accepted unless they are signed and have an associated security token to specify the signer has proper claims for the given policy. That is, a relying party shouldn't rely on a policy unless the policy is signed and presented with sufficient claims to pass the relying parties acceptance criteria.

It should be noted that the mechanisms described in this document could be secured as part of a SOAP message using WS-Security [WS-Security] or embedded within other objects using object-specific security mechanisms.

Appendix A.  Schema

A normative copy of the XML Schema [XML-Schema Part1, XML-Schema Part2] description for this specification may be retrieved from the following address:


The following copy is provided for reference.

<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright(C) OASIS(R) 1993-2007. All Rights Reserved.

     OASIS trademark, IPR and other policies apply.  -->
<xs:schema xmlns:tns="http://docs.oasis-open.org/ws-rx/wsrmp/200702" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://docs.oasis-open.org/ws-rx/wsrmp/200702" elementFormDefault="qualified" attributeFormDefault="unqualified">
  <xs:element name="RMAssertion">



        <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>


      <xs:anyAttribute namespace="##any" processContents="lax"/>



  <xs:element name="SequenceSTR">



      <xs:anyAttribute namespace="##any" processContents="lax"/>



  <xs:element name="SequenceTransportSecurity">



      <xs:anyAttribute namespace="##any" processContents="lax"/>



  <xs:element name="DeliveryAssurance">



        <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>




  <xs:element name="ExactlyOnce">





  <xs:element name="AtLeastOnce">





  <xs:element name="AtMostOnce">





  <xs:element name="InOrder">





Appendix B.  Acknowledgments

This document is based on initial contribution to OASIS WS-RX Technical Committee by the following authors:

Stefan Batres-Editor, Microsoft

Ruslan Bilorusets, BEA

Don Box, Microsoft

Luis Felipe Cabrera, Microsoft

Derek Collison, TIBCO Software

Donald Ferguson, IBM

Christopher Ferris, IBM

Tom Freund, IBM

Mary Ann Hondo, IBM

John Ibbotson, IBM

Lei Jin, BEA

Chris Kaler, Microsoft

David Langworthy, Microsoft

Amelia Lewis, TIBCO Software

Rodney Limprecht, Microsoft

Steve Lucco, Microsoft

Don Mullen, TIBCO Software

Anthony Nadalin, IBM

Mark Nottingham, BEA

David Orchard, BEA

Shivajee Samdarshi, TIBCO Software

John Shewchuk, Microsoft

Tony Storey, IBM

The following individuals have provided invaluable input into the initial contribution:

Keith Ballinger, Microsoft

Allen Brown, Microsoft

Michael Conner, IBM

Francisco Curbera, IBM

Steve Graham, IBM

Pat Helland, Microsoft

Rick Hill, Microsoft

Scott Hinkelman, IBM

Tim Holloway, IBM

Efim Hudis, Microsoft

Johannes Klein, Microsoft

Frank Leymann, IBM

Martin Nally, IBM

Peter Niblett, IBM

Jeffrey Schlimmer, Microsoft

Chris Sharp, IBM

James Snell, IBM

Keith Stobie, Microsoft

Satish Thatte, Microsoft

Stephen Todd, IBM

Sanjiva Weerawarana, IBM

Roger Wolter, Microsoft

The following individuals were members of the committee during the development of this specification:

Abbie Barbir, Nortel

Charlton Barreto, Adobe

Stefan Batres, Microsoft

Hamid Ben Malek, Fujitsu

Andreas Bjarlestam, Ericsson

Toufic Boubez, Layer 7

Doug Bunting, Sun

Lloyd Burch, Novell

Steve Carter, Novell

Martin Chapman, Oracle

Dave Chappell, Sonic

Paul Cotton, Microsoft

Glen Daniels, Sonic

Doug Davis, IBM

Blake Dournaee, Intel

Jacques Durand, Fujitsu

Colleen Evans, Microsoft

Christopher Ferris, IBM

Paul Fremantle, WSO2

Robert Freund, Hitachi

Peter Furniss, Erebor

Marc Goodner, Microsoft

Alastair Green, Choreology

Mike Grogan, Sun

Ondrej Hrebicek, Microsoft

Kazunori Iwasa, Fujitsu

Chamikara Jayalath, WSO2

Lei Jin, BEA

Ian Jones, BTplc

Anish Karmarkar, Oracle

Paul Knight, Nortel

Dan Leshchiner, Tibco

Mark Little, JBoss

Lily Liu, webMethods

Matt Lovett, IBM

Ashok Malhotra, Oracle

Jonathan Marsh, Microsoft

Daniel Millwood, IBM

Jeff Mischkinsky, Oracle

Nilo Mitra, Ericsson

Peter Niblett, IBM

Duane Nickull, Adobe

Eisaku Nishiyama, Hitachi

Dave Orchard, BEA

Chouthri Palanisamy, NEC

Sanjay Patil, SAP

Gilbert Pilz, BEA

Martin Raepple, SAP

Eric Rajkovic, Oracle

Stefan Rossmanith, SAP

Tom Rutt, Fujitsu

Rich Salz, IBM

Shivajee Samdarshi, Tibco

Vladimir Videlov, SAP

Claus von Riegen, SAP

Pete Wenzel, Sun

Steve Winkler, SAP

Ümit Yalçinalp, SAP

Nobuyuki Yamamoto, Hitachi