AFAIK WSDL 1.1 didn't support the definition of any security features needed for consuming a service, i.e. if a service only accepted SOAP messages protected with WS-Security, one couldn't define this in the WSDL but had to find out on different ways.
WSDL 2.0 has a "Feature Component" ( https://www.w3.org/TR/2003/WD-wsdl20-20031110/#Feature) which could be used to declare that the service expects only SOAP Messages with WS-Security secured messages. Is my understanding of the Feature Component correct?
If yes, wouldn't this imply that it competes with WS-Policy? Or at least for the "low-level", "technical" policies be a substitute technology?
Unfortunately WSDL doesn't yet support security. There is a lot of work going on behind the scenes on the best way to declare security in WSDL. However, nothing has reached the level of a specification. Bottom line is that you could use the feature component to declare what your service expects, but this would not be generally interoperable. Part of the off-line discussion is the intersection of some of the ideas for WSDL based security with WS-Policy, which is also not yet a specification from a specification committee.
Dig Deeper on Topics Archive
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.