1. Field of the Invention
The present invention generally relates to network systems and more particularly relates to a method and system for determining and enforcing policy attributes of Web servers and Web services.
2. Description of the Related Art
When Web services are provided over a network, security policies generally need to be employed to prevent unauthorized users from accessing Web servers and Web services. Currently, Web services provided in Java application servers (e.g., WebLogic, WebSphere, JBoss, etc.) and in other environments may define a security policy on a per-Web-service basis. These security-policy files define the types of security tokens (e.g., KerberosToken, X509Token, SamlToken, etc.) that the Web service will accept. In general, security tokens are used in the Web service environment to identify a client (e.g., via credentials). The Web service provider can use this token to authenticate/validate a client based on the credentials set in the security token. The security policy settings of a Web service are retrieved by Web service clients through use of the WS-MetadataExchange protocol or other out-of-band methods. The security policy discovery process usually takes place during the Web service discovery process but may also occur after the Web service has been discovered, during run time.
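As an added illustration (not part of the original text), the following Python example shows how a Web service client might read a retrieved security-policy document, list the token types the service accepts, and select one of its own credentials. It assumes the policy is expressed with WS-SecurityPolicy token assertions; the sample policy is constructed, and the function names `accepted_token_types` and `choose_token` are hypothetical.

```python
import xml.etree.ElementTree as ET

# WS-SecurityPolicy 1.1 and 1.2 namespaces (assumed policy vocabulary).
SP_NAMESPACES = {
    "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
    "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
}
# Token assertion element names recognized by this example.
TOKEN_ASSERTIONS = {"UsernameToken", "X509Token", "KerberosToken", "SamlToken",
                    "IssuedToken", "SecurityContextToken", "HttpsToken"}

# Constructed sample policy with two alternatives; not from any real service.
SAMPLE_POLICY = b"""<wsp:Policy
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:ExactlyOne>
    <wsp:All><sp:SupportingTokens><wsp:Policy>
      <sp:X509Token/>
    </wsp:Policy></sp:SupportingTokens></wsp:All>
    <wsp:All><sp:SupportingTokens><wsp:Policy>
      <sp:SamlToken/>
    </wsp:Policy></sp:SupportingTokens></wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>"""


def accepted_token_types(policy_xml: bytes) -> set:
    """Return the token assertion names (e.g. 'X509Token') found in a policy."""
    # The policy comes from a remote party: refuse any DTD before parsing.
    if b"<!DOCTYPE" in policy_xml or b"<!ENTITY" in policy_xml:
        raise ValueError("policy document contains a DTD; rejected")
    found = set()
    for elem in ET.fromstring(policy_xml).iter():
        if not elem.tag.startswith("{"):
            continue  # element without a namespace is not a policy assertion
        ns, local = elem.tag[1:].split("}", 1)
        if ns in SP_NAMESPACES and local in TOKEN_ASSERTIONS:
            found.add(local)
    return found


def choose_token(policy_xml: bytes, client_tokens: list) -> str:
    """Pick the first token type the client holds that the service accepts."""
    accepted = accepted_token_types(policy_xml)
    for name in client_tokens:  # listed in the client's order of preference
        if name in accepted:
            return name
    # Fail closed: never send a credential the policy did not ask for.
    raise LookupError(f"no acceptable token; service accepts {sorted(accepted)}")
```

The client fails closed when none of its credentials match, so it does not send a token type the policy did not request.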