WS-Security Policy is a web services specification, created by IBM and 12 co-authors, that has become an OASIS standard as of version 1.2.
It extends the fundamental security protocols specified by the WS-Security, WS-Trust and WS-Secure Conversation by offering mechanisms to represent the capabilities and requirements of web services as policies.
Security policy assertions are based on the WS-Policy framework.
Most policy assertion can be found in following categories: Policies can be used to drive development tools to generate code with certain capabilities, or may be used at runtime to negotiate the security aspects of web service communication.
[1] Namespaces used by the following XML-snippets: Include a timestamp: Use either transport layer security (https) or message level security (XML Dsig/XML Enc): To define a SAML assertion as security token: Issued token assertion of providers with reference to the STS and required token format: Specify that message header and body need to be signed, and attachments are left unsigned: specify that message open source license need to be signed, and hydra security are left unsigned: The term Web Services Security Policy Language is used for two different XML-based languages: