As Umit Yalcinalp recently Found your chocolate egg?: WS-Policy is submitted to the w3c, WS-Policy and WS-PolicyAttachment have been submitted to the W3C for further standardization. WS-Policy isn't really rocket science, but it is in the center of Web services interoperability since it is used to describe the characteristics of a Web service that consumers need to understand before they can seamlessly interact with it. Without WS-Policy, one would either need to call the administrator of the Web service provider or need to try interacting with the service in a trial and error mode in order to find out, for example, the detailed security settings. That is why BEA Systems once called WS-Policy the "phone call avoidance protocol" ... As one can see from the last section of the team comment on WS-Policy submission, the W3C Team is already working on a charter for a working group in this area. Without disclosing any confidential information, it is quite obvious that the aim is to produce a W3C Recommendation as quickly as possible along the lines of the Tips for Getting to Recommendation Faster. In parallel to the submission, the authors of the specifications scoped and scheduled an interoperability workshop to test the interoperability of available implementations of WS-Policy. Specifications often tend to look consistent and only when actually implementing them, various inconsistencies, ambiguities and gaps are found. That is why the aim of the workshop was to resolve any remaining issues and to demonstrate the maturity of the specification. The collected results and feedback can also save time during the standardization at W3C. SAP hosted the WS-Policy interoperability workshop at its headquarters in Walldorf, Germany, April 25-27. Seven companies (BEA Systems, IBM, Layer 7 Technologies, Microsoft, SAP, Sun Microsystems, WSO2) brought their implementations of WS-Policy, WS-PolicyAttachment and WS-SecurityPolicy. As far as the framework-level tasks of policy normalization, merging and intersection are concerned, there were no interoperability issues, except two questions about the actual processing were raised. One related to the normalization of nested policy assertions, the other to the application of default values specified in policy assertions. A proposal for slightly enhanced text to address these questions in WS-Policy will be submitted to the W3C Working Group as soon as it is established. The participants then tested their implementations of WS-SecurityPolicy. This was important in order to demonstrate the use of WS-Policy in a domain-specific scenario. Testing comprised two transport-level policies (named T1 and T3) and two message-level policies (named A11 and A12). Details about the interoperability scnenarios can be obtained, for example, from MSDN. It was quickly determined that every vendor had the same interpretation of the scenario documentation, thus, most of the workshop time was used in order to fix implementation details. For example, the different use of namespaces, additional SOAP headers, certificates, etc. caused various issues that were resolved during the workshop. Finally, almost any interoperability scenario was working between all implementations. One question came up related to the meaning of the use of transport-level security (as described by means of WS-SecurityPolicy) when an HTTP endpoint (not HTTPS) is in use. This will be submitted as an issue to the OASIS WS-SX TC, which is charged for standardization of WS-SecurityPolicy and other specifications, for further investigation. All in all, this means that the version of WS-Policy that has been submitted to the W3C is complete enough to meet the needs of various domains and mature enough to being implemented in an interoperable manner. This feedback will certainly help both the standardization of the specifications and all those users that are looking for cross-platform interoperability. The feedback will also be taken into account SAP-internally in order to provide an as interoperable as possible implementation of WS-Policy, WS-PolicyAttachment and WS-SecurityPolicy with the next version of SAP NetWeaver.
