The emergent specification that handles the policies of a web service, WS-Policy, is to be handed to a standards body to begin ratification as a standard “any day now”, Computer Business Review has learned.
The news was confirmed by one of the authors of the specification, though they asked not to be named in this article. The authors of the WS-Policy specification are IBM, BEA Systems, Microsoft, SAP, Sonic Software and VeriSign.
Our source would not be drawn as to which standards body WS-Policy is about to be handed to, but the most likely candidates would appear to be either the World Wide Web Consortium (W3C) or the Organization for the Advancement of Structured Information (OASIS). Both have already taken the job of turning other WS* specifications into standards, with W3C taking WS-Addressing and OASIS doing WS-Security.
These WS* specifications – some of which are closer to changing from a specification created by a group of vendors into a true standard than others – are seen by many as critical to the underpinnings of not only web services but also service-oriented architecture, or SOA.
While many of the web services standards are well tested and relatively mature – such as XML, HTTP, SOAP and WSDL – key capabilities that many would consider vital for mission critical applications, such as WS-Reliable Messaging, WS-Security and WS-Policy, are either relatively immature standards or have not progressed beyond the specification stage.
WS-Policy is designed to provide a general purpose model and syntax to describe and communicate the policies of a web service. It should provide a flexible and extensible grammar for expressing the capabilities, requirements, and general characteristics of entities in an XML web services-based system, according to its authors.
WS-Policy defines a framework and a model for the expression of these properties as policies. It’s rather vital as it will handle how a particular web service deals with the likes of security, privacy, application priorities, user account priorities and traffic control in a web services environment.