Web services policies

The emerging web services specifications such as for privacy, authorization and session management are discussed. For many of these functions, products from different vendors are used many of them have no need to interoperate, but for many interoperability between products is required. Policy expression, policy association with service interfaces, and policy negotiation protocols all effect interoperability so open standards will be most important in these areas. Although standards groups are not yet working on policy negotiation, several standard proposals exist for policy expression and for association with provider services. The policy layer is the key for Web services policies because it determine the general policy model. Most standard groups have defined their vocabularies as part of their assertions. The current trend toward using new XML structures for each new assertion type will inhibit policy interoperability, maintainability, and automated negotiation.