Hi Robert, You might be interested in my just-published article on "Understanding and modeling WSDL 1.1": http://www.ibm.com/developerworks/library/j-jws20/index.html (This discussion reminded me of the CXF tool, and I've requested added a link to that as a resource.) The next one covers extending the model to include WS-Policy/WS-SecurityPolicy, which sounds similar to what you want.
As Dan said, WS-I BSP is all about the runtime use of WS-Security and doesn't really cover much at the policy level. There are some common errors that occur when using WS-Policy/WS-SecurityPolicy, though, including mixing namespaces and using assertions in the wrong places. Some of these may be caught and reported by some of the web services stacks when you try to use a policy, others may slip by and just leave you scratching your head over apparently-bizarre results. I've experienced a considerably amount of that myself in writing the WS-Security articles in my series for devWorks! I plan to publish an online version of my verification and restructuring tool next month to go along with the completion of the three-part series, so I'll update the list when that's available. - Dennis Dennis M. Sosnoski Java SOA and Web Services Consulting <http://www.sosnoski.com/consult.html> Axis2/CXF/Metro SOA and Web Services Training <http://www.sosnoski.com/training.html> Web Services Jump-Start <http://www.sosnoski.com/jumpstart.html> On 02/08/2011 04:39 AM, robert wrote: > My group has a requirement to validate published WSDLs for compliance > against the WS-I Basic Security Profile. > > Perhaps I have misunderstood the requirement, in relationship to the > 'published' sense? Or perhaps, the requirement could be refined > further. > > On Mon, 7 Feb 2011 10:20:04 -0500, Daniel Kulp <dk...@apache.org> > wrote: > >> On Monday 07 February 2011 9:55:42 am robert wrote: >> >>> Consider the online help for the WSDL validator tool: >>> http://cxf.apache.org/docs/wsdlvalidator.html. >>> >>> The text states that the following check is performed: "Validate the >>> WSDL document against custom validation rules, such as those defined by >>> the Web Services Interoperability (WS-I) organization (i.e. WS-I Basic >>> Profile rules)." >>> >>> I have two questions in this regards, >>> >>> (1) The checks target what version of WS-I Basic Profile? If it's >>> not Web Services Interoperability Organization’s Basic Profile, Version >>> 1.2, could checks be added for this latest version? >>> >>> >> It's WS-I Basic Profile.. It's not all the rules though. I think WSI-BP >> defines hundreds, if not thousands, of checks. We're pretty much checking >> for the common issues. If someone wants to go through the BP spec >> and write >> additional checks, that would be great. It's not a priority for >> *ME* as the >> existing checks have been fairly adequate. >> >> >>> (2) Are there any checks performed in relationship to "Web Services >>> Interoperability Organization’s Basic Security Profile, Version 1.1"... >>> if not, could there be? >>> >> Well, the WSI-security profile defines on-the-wire rules and such. >> It really >> doesn't define any rules for anything in the WSDL. What would a *WSDL* >> validator validate with this? >> >
