Web Services (WS)-Commons Policy provides an implementation of WS-Policy specification.It provides a convenient model to process any policy information at runtime. In other words, it allows you to convert any policy to an object (which is its runtime representation) and play with it as you like. You could normalize it and then print it if you want to convert your original policy into a standard format. Else you could merge or intersect that policy object with another policy object and print it to see how the merge / or intersect looks like.
WS-Policy specification define policy operations to manipulate policies. WS-Commons/Policy framework support all these operations which are extremely useful when trying to do complex policy manipulations
A WS-policy is a set of requirements that have to be met in order to consume a web service.
A requirement can be domain specific. For instance, if your policy demands that you need security token type, then its a primitive requirement. PrimtiveAssertion class represents such requirements in Commons/Policy framework.
Another requirement would be to meet several assertions in a certain way. For instance, an assertion would require all its child assertions be met while another assertion may require exactly one of its child assertions be met. Such assertions are known as CompositeAssertions. If assertion implements CompositeAssertion marker-interface, it's an indication that this assertion is of CompositeAssertion type. For instance AndCompositeAssertion, XorCompositeAssertion and Policy are of CompositeAssertion type.
If you consider the AndCompositeAssertion it requires all its child terms be met. If its XorCompositeAssertion type, it requires that exactly one of its child terms be met. Both Policy and AndCompositeAssertion requires same behavior except that in Policy, policy object is the outer most element.
The object model in WS-Commons/Policy becomes very handy when it comes to policy operations. For instance you could invoke normalize() method on a policy object which will return a new policy object which has the same implication, but in a standard format.
If you merge a policy object with another policy object it will return a new policy object which represents the merged policies of those two objects. If you could satisfy any policy alternative available in the resultant object, it is guaranteed that at least one policy alternative of both policy objects could be met.
One interesting application of policies would be to identify which policy alternatives that both parties can agree upon. The simple solution is to intersect the two policy objects and get the resultant policy object. It would contain all possible policy alternatives that both parties agree upon.
Commons/Policy framework is now reaching its maturity. It is used in other web services projects like Axis2, Sandehsa2 and WSS4J to process any policy information they require. Recently it passed all the WS Policy Interop Round1 which is aimed to test the correctness of object model. And it seems safe to say that bright future is ahead.
You can learn how to use Apache WS-Policy by checking out our User's Guide
Web services is an emerging technology with enormous promise. The biggest advantage of web services is its cross platform capability. In other words, Web services allow applications to communicate in a platform independent manner. However, communication between non trivial Web services is not that straight forward. For instance, if WS-Security is enabled, the client must determine if WS-Security is optional or madatory for this service. If it is mandatory then client must determine the security token type the server understands or it prefers. After which client must determine whether to sign the messages and which parts to sign. Finally client must determine whether to encrypt the message and if so what algorithm to use. Without such information, integrating two Web services would be a next to impractical.
So far there was no standard way to convey this information except documentation or emails from developer to developer. WS-Policy addresses this issue and provides a standard framework to express these additional details. However, it is left to the authors of other specifications to extend this framework to convey any specific details that fall within the scope of those specifications.