Update 2006-08-16 Version 1.1 of the Web Services Metadata Exchange (WS-MetadataExchange) specification was released in August 2006. It "adds the ability to 'push' metadata along with an Endpoint Reference (of either version), replaces its locally-defined 'Get' request-reply message pair with the one from WS-Transfer, brings in WS-Addressing 1.0 Core, updates examples," etc.

Update 2004-09-21: A second public version of "Web Services Metadata Exchange (WSMetadataExchange)" has been released, adding new functionality and broader industry support. Using WS-Addressing, WSMetadataExchange defines a bootstrap mechanism for metadata-driven message exchange, supporting especially XML Schema, WSDL, and WS-Policy. The request messages are now generalized ('Get Metadata' and 'Get') to provide more flexible endpoint metadata access and to support versioning. See "Revised WS-MetadataExchange Specification Supported by CA, Sun, and webMethods."

Update 2004-03-30: A revised version of the WS-MetadataExchange specification was released on March 30, 2004. The new XML Namespace URI provided in the March 30, 2004 version was 'http://schemas.xmlsoap.org/ws/2004/03/mex'. See the news item "Updated Releases of the WS-Addressing and WS-MetadataExchange Specifications."

---

[March 05, 2004] A new WS-* specification from BEA Systems, IBM, Microsoft, and SAP defines messages to retrieve specific types of metadata associated with an endpoint: Web Services Metadata Exchange (WS-MetadataExchange). According to the Globus/IBM document on Modeling Stateful Resources with Web Services, the WS-MetadataExchange specification is part of the Web services roadmap for WS-Federation.

The purpose of the WS-MetadataExchange specification is to "define a bootstrap mechanism for metadata-driven message exchange," as required in the Web Services Policy Framework (WS-Policy), in Web Services Description Language (WSDL) 1.1, and in W3C XML Schema. Supporting SOAP 1.1, SOAP 1.2 Envelopes and WSDL 1.1 description, the WS-MetadataExchange specification "leverages other Web service specifications for secure, reliable, transacted message delivery." The associated namespace URI is [as updated] http://schemas.xmlsoap.org/ws/2004/03/mex.

"Specifically: WS-Policy describes the capabilities, requirements, and general characteristics of Web services; WSDL 1.1 describes abstract message operations, concrete network protocols, and endpoint addresses used by Web services; W3C XML Schema describes the structure and contents of XML-based messages received and sent by Web services. To bootstrap communication with a Web service, this WS-MetadataExchange specification defines three request-response message pairs to retrieve these three types of metadata. One retrieves the WS-Policy associated with the receiving endpoint or with a given target namespace; another retrieves either the WSDL associated with the receiving endpoint or with a given target namespace; a third retrieves the XML Schema with a given target namespace. Together these messages allow efficient, incremental retrieval of a Web service's metadata." Other message information headers defined by Web Services Addressing (WS-Addressing) may be included in the request and response messages, according to the usage and semantics defined in the WS-Addressing specification.

WS-MetadataExchange is part of the 'composable architecture' series of Web services specifications using the XML, SOAP, and WSDL extensibility models; these WS-* specifications from Microsoft, IBM, BEA (and others) are "designed to be composed with each other to provide a rich set of tools to provide security in the Web services environment."

Bibliographic Information

Web Services Metadata Exchange (WS-MetadataExchange). Edited by Francisco Curbera (IBM) and Jeffrey Schlimmer (Microsoft). Copyright (c) 2004 BEA Systems Inc., International Business Machines Corporation, Microsoft Corporation, Inc, and SAP AG. February [23,] 2004. 28 pages. Contributing authors: Keith Ballinger (Microsoft), Don Box (Microsoft), Francisco Curbera (Editor IBM), Steve Graham (IBM), Canyang Kevin Liu (SAP), Brad Lovering (Microsoft), Anthony Nadalin (IBM), Mark Nottingham (BEA Systems), David Orchard (BEA Systems), Claus von Riegen (SAP), Jeffrey Schlimmer (Editor, Microsoft), John Shewchuk (Microsoft), Greg Truty (IBM), and Sanjiva Weerawarana (IBM). Note: See also the updated March 30, 2004 version.

Document status: "This specification is an initial public draft release and is provided for review and evaluation only. The authors hope to solicit your contributions and suggestions in the near future. The authors make no warrantees or representations regarding the specifications in any manner whatsoever."

Document Section 6 'Acknowledgements' credits input from: Luis Felipe Cabrera (Microsoft), Erik Christensen (Microsoft), Timm Falter (SAP), Don Ferguson (IBM), Jeffrey Frey (IBM), Maryann Hondo (IBM), Chris Kaler (Microsoft), Dave Langworthy (Microsoft), Frank Leymann (IBM), Brad Lovering (Microsoft), Steve Millet (Microsoft), Sanjay Patil (SAP), Chris Sharp (IBM), Eugene Sindambiwe (SAP), Tony Storey (IBM), Sara Wong (Microsoft).

Summary

WS-MetadataExchange summary from Microsoft's Architecture and Composition overview: "...services typically provide information such as WSDL, WS-Policy, and XSD, that describe the service itself. Collectivity we refer to information about the service as metadata. The WS-MetadataExchange specification enables a service to provide metadata to others through a Web services interface. Given only a reference to a Web service, a potential user can access a set of WSDL/SOAP operations to retrieve the metadata that describes the service. Clients can use WS-MetadataExchange at design time, when building their clients, or at runtime..." [Section 3.3.4, in Secure, Reliable, Transacted Web Services: Architecture and Composition, September 2003]

Scenarios for retrieving WSDLs and XML Schemas: "The need to retrieve specific WSDL files corresponding to particular target namespaces arises in the following scenario: an initial Get WSDL request is used to retrieve the WSDL containing the wsdl:service element corresponding to the endpoint; successive Get WSDL requests are then issued to obtain other WSDL documents on which that definition depends, identified by their target namespace... [In the case of retrieving schemas] a possible scenario is when "specific Schema files relevant to the service definition are identified by their target namespaces from the WSDL definition of the service." [spec Section 3]

WS-MetadataExchange Normative Protocol Binding: "A binding for the messages described herein [viz., in this WS-MetadataExchange specification] to SOAP 1.1 [SOAP 1.1] over HTTP as constrained by the Basic Profile 1.0 [WS-I Basic Profile Version 1.0a, August 2003] is RECOMMENDED as a means to bootstrap communication. A Web service is free to support these messages over other bindings in addition to, or in place of, this binding as specified by WSDL [WSDL 1.1], policies, or other mechanisms. In the absence of an explicit specification stating that a different binding must be used, the default SOAP 1.1 over HTTP binding defined here is assumed to apply..." [from Section 4 of the draft]

The document Web Services Federation Language (WS-Federation) (Version 1.0, July 8 2003; IBM, Microsoft, BEA, RSA, and VeriSign) defines "mechanisms that are used to enable identity, account, attribute, authentication, and authorization federation across different trust realms." This July 2003 specification discusses WS-MetadataExchange in the context of 'Federation Metadata': "Participation in a federation requires knowledge of metadata such as policies and potentially even WSDLs and schemas for the services within the federation. Additionally, in many cases mechanisms are needed to identify the Identity Provider, security token services, and attribute/pseudonym services for the target of a given policy (e.g., a Web service). A variety of mechanisms may be used to acquire this metadata including: (1) The metadata is included in messages; (2) Parties ask each other for the metadata; (3) Previously exchanged metadata is remembered; (4) Parties have preconfigured metadata, e.g., they 'just know' possibly including in a 'hard-coded' security token or policy... To obtain and supply the information described above, this specification builds on the foundations outlined in WS-Policy and WS-MetadataExchange to describe and acquire metadata. Readers should familiarize themselves with these specifications. The mechanisms for the first three approaches above are defined in the WS-MetadataExchange specification. Noted: WS-MetadataExchange is a set of Web service mechanisms to exchange policies, WSDL, schema and other metadata between two or more parties. This specification is part of the Web services roadmap for both WS-ReliableMessaging and WS-Federation. WS-MetadataExchange will be published this summer [viz., Summer 2003]..."

From "Web Services Architecture Evolution" in an OGSI-WSRF paper: "... WS-Addressing provides transport-neutral mechanisms to address Web services. Specifically, WS-Addressing specification defines XML elements to identify Web service endpoints and to include endpoint identification in messages. This specification enables messaging systems to support message transmission through networks that include processing nodes such as endpoint managers, firewalls, and gateways in a transport-neutral manner. The end point reference information provides not only the address of Web service itself, but can also serve to identify state instances 'behind' the service by using endpoint reference properties. Although less central to the WS-Resource definition, WS-MetaDataExchange provides a collection of mechanisms for obtaining information about a published service, such as its WSDL description, XML Schema definitions and any other policy information necessary to use the service. Since WS-Addressing and WS-MetaDataExchange provide several capabilities that are also defined OGSI, it is beneficial to exploit those Web services specifications rather than maintaining a specification that defines the same functionality redundantly..." [excerpted from "From Open Grid Services Infrastructure to WS-Resource Framework: Refactoring and Evolution"]

Related Specifications

WS-MetadataExchange specification is said to be part of the Web services roadmap for WS-Federation. A joint whitepaper from IBM Corporation and Microsoft Corporation on Federation of Identities in a Web Services described federated identity management issues to be addressed by the WS-* specifications; this description was elaborated in the publication of three WS-Federation documents that present the federation model, framework, and profiles which detail how different requestors apply the model.

• Web Services Federation Language (WS-Federation). By Siddharth Baja (VeriSign), Giovanni Della-Libera (Microsoft), Brendan Dixon (Microsoft), Mike Dusche (Microsoft), Maryann Hondo (IBM), Matt Hur, Microsoft), Chris Kaler (Editor, Microsoft), Hal Lockhart (BEA), Hiroshi Maruyama (IBM), Anthony Nadalin (Editor, IBM), Nataraj Nagaratnam (IBM), Andrew Nash (RSA Security), Hemma Prafullchandra (VeriSign), and John Shewchuk (Microsoft). Draft Version 1.0. July 8, 2003. 41 pages. Copyright (c) IBM, Microsoft, BEA Systems, RSA Security, and VeriSign.
• WS-Federation: Passive Requestor Profile. By Siddharth Baja (VeriSign), Brendan Dixon (Microsoft), Mike Dusche (Microsoft), Maryann Hondo (IBM), Matt Hur (Microsoft), Chris Kaler (Editor, Microsoft), Hal Lockhart (BEA), Hiroshi Maruyama (IBM), Anthony Nadalin (Editor, IBM), Nataraj Nagaratnam (IBM), Andrew Nash (RSA Security), Hemma Prafullchandra (VeriSign), Yordan Rouskov (Microsoft), John Shewchuk (Microsoft), and Jeff Spelman (Microsoft). Draft Version 1.0. July 8, 2003. 32 pages.
• WS-Federation: Active Requestor Profile. Siddharth Baja (VeriSign), Giovanni Della-Libera (Microsoft), Brendan Dixon (Microsoft), Maryann Hondo (IBM), Matt Hur (Microsoft), Chris Kaler (Editor, Microsoft), Hal Lockhart (BEA), Hiroshi Maruyama (IBM), Anthony Nadalin (Editor, IBM), Nataraj Nagaratnam (IBM), Andrew Nash (RSA Security), Hemma Prafullchandra (VeriSign), and John Shewchuk (Microsoft). Draft Version 1.0. July 8, 2003. 18 pages.

Specifications prominently represented in the use of WS-MetadataExchange (other than SOAP, WSDL, and XML Schema) include WS-Addressing, WS-Policy, and WS-SecurityPolicy. References are provided below.

• Web Services Addressing (WS-Addressing). March 13, 2003. Edited by Don Box (Microsoft) and Francisco Curbera (IBM). Copyright BEA Systems Inc., International Business Machines Corporation, and Microsoft Corporation. 14 pages (PDF). XML namespace URI: http://schemas.xmlsoap.org/ws/2003/03/addressing. Authors: Adam Bosworth (BEA), Don Box (Microsoft, Editor), Erik Christensen (Microsoft), Francisco Curbera (IBM, Editor), Donald Ferguson (IBM), Jeffrey Frey (IBM), Chris Kaler (Microsoft), David Langworthy (Microsoft), Frank Leymann (IBM), Steve Lucco (Microsoft), Steve Millet (Microsoft), Nirmal Mukhi (IBM), Mark Nottingham (BEA), David Orchard (BEA), John Shewchuk (Microsoft), Tony Storey (IBM), and Sanjiva Weerawarana (IBM). [HTML, source]

  Abstract: "WS-Addressing provides transport-neutral mechanisms to address Web services and messages. Specifically, this specification defines XML elements to identify Web service endpoints and to secure end-to-end endpoint identification in messages. This specification enables messaging systems to support message transmission through networks that include processing nodes such as endpoint managers, firewalls, and gateways in a transport-neutral manner..." See also the news item and main reference document: "Web Services Addressing (WS-Addressing)."

• WS-Policy. Web Services Policy Framework (WS-Policy). Version 1.1. 28-May-2003. By: Don Box (Microsoft), Francisco Curbera (IBM), Maryann Hondo (Editor, IBM), Chris Kaler (Editor, Microsoft), Dave Langworthy (Microsoft), Anthony Nadalin (IBM), Nataraj Nagaratnam (IBM), Mark Nottingham (BEA), Claus von Riegen (SAP), and John Shewchuk (Microsoft). 19 pages. XML namespace URI: http://schemas.xmlsoap.org/ws/2002/12/policy. [HTML, source]

  "WS-Policy provides a flexible and extensible grammar for expressing the capabilities, requirements, and general characteristics of entities in an XML Web Services-based system. WS-Policy defines a framework and a model for the expression of these properties as policies. Policy expressions allow for both simple declarative assertions as well as more sophisticated conditional assertions. WS-Policy defines a policy to be a collection of one or more policy assertions. Some assertions specify traditional requirements and capabilities that will ultimately manifest on the wire (e.g., authentication scheme, transport protocol selection). Some assertions specify requirements and capabilities that have no wire manifestation yet are critical to proper service selection and usage (e.g., privacy policy, QoS characteristics). WS-Policy provides a single policy grammar to allow both kinds of assertions to be reasoned about in a consistent manner..." See Updated Versions of Web Services Policy (WS-Policy) Specifications.

• Web Services Security Policy Language (WS-SecurityPolicy). Version 1.0. December 18, 2002. Edited by Anthony Nadalin (IBM). From IBM, Microsoft, RSA, VeriSign. Contributors: Giovanni Della-Libera (Microsoft), Phillip Hallam-Baker (VeriSign), Maryann Hondo (IBM), Tomasz Janczuk (Microsoft), Chris Kaler (Microsoft), Hiroshi Maruyama (IBM), Nataraj Nagaratnam (IBM), Andrew Nash (RSA Security), Rob Philpott (RSA Security), Hemma Prafullchandra (VeriSign), John Shewchuk (Microsoft), Elliot Waingold (Microsoft), and Riaz Zolfonoon (RSA Security). XML namespace URI: http://schemas.xmlsoap.org/ws/2002/12/secext. [HTML, source]

  "This document is an addendum to WS-Security and indicates the policy assertions for WS-Policy which apply to WS-Security... Most Web service specifications indicate their associated policy assertions for use with WS-Policy. However, because WS-Security was published prior to WS-Policy, this addendum identifies these assertions... WS-SecurityPolicy is designed to work with the general Web Services framework including WSDL service descriptions, UDDI businessServices and bindingTemplates and SOAP message structure and message processing model, and WS-SecurityPolicy should be applicable to any version of SOAP..." See Microsoft and IBM Publish Six New Web Services Security and Policy Specifications.