To view the policy sets, navigate to Services > Policy sets and select Application policy sets or System policy sets. A table like this will be displayed.

Policy sets contain policies

A policy set is a collection of one or more of the following policies.

• HTTP transport
• SSL Transport
• WS-Addressing
• WS-ReliableMessaging
• WS-Security
• WS-Transaction

These policies are built on SOAP and are placed in the SOAP header. Since the policies are built on SOAP, these policies would be used by a JAX-WS (Java Web Service) application. In other words, these policies would not be used by a web application.

Why do policy sets exist?

Let's consider a scenario where data needs to be transported from an application running on a WebSphere application server to a client. If the data were not protected in some way, a nefarious user could intercept the data as it is being transported. This would be very problematic if the data were sensitive, such as a users name and credit card details. Various policies address this issue, so that the data cannot be obtained by a nefarious user.

Transport level vs. Message level

Generally speaking, the data is protected in two ways.

• Transport level
• Message level

Protecting the data at the transport level means the packets being transported from server to client is protected. Protecting the data at the message level means that the actual data is protected. You should read up on each policy for more details on it's relationship to transport level and message level secrutiy.

Attach policy sets to JAX-WS application

After deploying a JAX-WS application, you can attach policy sets to the application.