WSDL and Policy
This topic covers Windows Communication Foundation (WCF) WSDL 1.1, WS-Policy and WS-PolicyAttachment implementation details, as well as additional WS-Policy assertions and WSDL 1.1 extensions introduced by WCF.
WCF implements WS-Policy and WS-PolicyAttachment specifications submitted to W3C with constraints and clarifications described in this document.
This document uses the prefixes and namespaces shown in the following table.
wsp (WS-Policy 1.2)
wsp (WS-Policy 1.5)
WCF uses the following WSDL1.1 extensions to describe contract session requirements.
xs:boolean, indicates this operation initiates a WCF session; the default value is false.
xs:boolean, indicates this operation terminates a WCF session; the default value is false.
xs:boolean, indicates this contract requires session to be established.
WCF uses the following URIs to indicate transports to be used for WSDL 1.1, SOAP 1.1, and SOAP 1.2 binding extension elements.
In addition to policy assertions introduced in the Web Services specifications (WS-*) and mentioned in other sections of this document, WCF implements the following policy assertions.
Endpoint uses HTTP Basic Authentication.
Endpoint uses HTTP Digest Authentication.
Endpoint uses HTTP Negotiate Authentication.
Endpoint uses HTTP NTLM Authentication.
Endpoint uses streamed message framing. This assertion is used with the Message Framing protocol provided for transports such as TCP, and named pipes.
Endpoint uses transport-layer security (TLS) with message framing.
Endpoint uses Security Provider Negotiation (SPNEGO) with message framing.
MSMQ with best-effort guarantees.
MSMQ with Session guarantees.
Authentication is used with MSMQ transport.
MSMQ uses Windows Domain authentication.
Endpoint uses two separate converse transport connections for in and out messages.
RSA key token assertion. This requirement is typically satisfied by an RSA key serialized directly as part of the key information in an endorsing signature.
Requires that a SecurityContextToken obtained using binary TLS handshake using WS-Trust be used. Nested assertions include: sp:RequireDerivedKeys, mssp:MustNotSendCancel, mssp:RequireClientCertificate.
Specifies a requirement that a request security token (RST) request messages [WS-Trust] using the Cancel binding [WS-Trust, WS-SC] not be sent to the issuer of a given SecurityContextToken. If this assertion is present, then such request messages must not be sent to the issuer. If this assertion is not present, then such request messages can be sent to the issuer.
This optional element specifies a requirement for a client certificate to be provided as part of the TLSNEGO protocol. If this assertion is present, then a client certificate must be provided. If this assertion is not present, then a client certificate must not be provided. This assertion must not be used outside of mssp:SslContextToken.