7-4 Oracle Fusion Middleware Security and Administrators Guide for Web Services For example, if Security is selected in the Category field, and Service Endpoints is selected in the Applies To field, and the Name field is left blank, then the policies returned are those security policies that can be attached to Web service endpoints. Creating Web Service Policies You can create a Web service policy in one of the following ways: ■ Creating a new policy using assertion templates ■ Creating a policy from an existing policy ■ Importing a policy from a file ■ Creating custom policies The sections that follow describe how to create policies using each of these methods. Creating a New Web Service Policy Follow the procedure below to create a new policy using one or more assertion templates. Table 7–1 Search Filter Criteria Field Description Category Category to which the Web service policy belongs. The options are: ■ All ■ Security ■ MTOM Attachments ■ Reliable Messaging ■ WS-Addressing ■ Management Applies To Policy subject to which the policy can be attached. The options are: ■ All – All means that the policy is targeted for any type of endpoint. All refers to the policies that can be applied to Service Endpoints, or Service Clients, or SOA Components. ■ Service Endpoints – Policies that can be attached to Web services. See Types of Web Services and Clients in Oracle Fusion Middleware Introducing Web Services. ■ Service Clients – Policies that can be attached to Web service clients. See Types of Web Services and Clients in Oracle Fusion Middleware Introducing Web Services. ■ SOA Components – Policies that can be attached to SOA components SOA Web services are categorized as Service Endpoints, and SOA references are categorized as Service Clients. Name Name of the policy. You can enter the complete name or part of policy name. For example, if you enter http, any policy with http in any part of its name is returned. Managing Web Service Policies 7-5 To create a new Web service policy 1. Navigate to the Web Services Policy page, as described in Navigating to the Web Services Policies Page in Fusion Middleware Control on page 7-2.

2. From the Category menu, select the category to which this policy will belong and

click Create. 3. In the Create Policy page Figure 7–3 , enter the path, name, and brief description for your policy. All policies are identified by the directory in which the policy is located. Oracle recommends that you follow the policy naming conventions described in Recommended Naming Conventions for Policies on page 3-10. Figure 7–3 Create Policy Page

4. Set the Local Optimization control. See

Configuring Local Optimization for a Policy on page 11-101 for a description of the Local Optimization control. 5. By default, the policy is enabled. If you want to disable the policy, clear the Enabled box. A policy that is not enabled is not enforced at run time. 6. Specify the type of policy subjects the policy can be attached to by selecting from the Applies To menu. If you select Service Bindings, then specify whether the policy can be attached to Web service endpoints, Web service clients, or to both. Of the predefined assertions, only assertions which you add next of type securitylogging can be added under Service Category Both. If you plan to add other types of assertions, choose Service Endpoints or Service Clients. 7. To add a single assertion:

a. In the Assertions section, click Add.

Note: The Create button is available only for the Security and Management categories. Note: You cannot edit the name of a policy once the policy is created. To change the policy name, you will need to copy the policy and assign it a different name.