Working towards the next version of the SWIM Supporting Material

Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents


titleRequirement [+]


Service access and use conditions




A service description shall include the conditions which apply to accessing and using the service, such as

  • legal constraint;
  • service policies;
  • service consumption constraints; and
  • security constraints.


This requirement ensures that a service consumer is aware of any limitations on the access and use of the service.

It is good practice to share business constraint information associated with the conditions of usage of the service.


Completeness: Verify that the elements included cover the required constraints and policies.

Consistency: Not Applicable.

Correctness: Not Applicable.


Example legal constraints:

  • Licenses to be bought;
  • Intellectual property rights to be respected.

Example services policies:

  • Contingency policy;
  • Business policy(s) in terms of business rule or objective i.e. how the business is conducted;
  • Operational policy(s) (i.e. constraints and requirements for how services operate and interoperate at runtime) in terms of rules and guidelines. Operational policies are utility centric (handling operational characteristics) covering mainly; , logging, messaging protocol and versioning. Normally standardised for a defined collection of services;
  • Technical policy(s). Technical policies can (if available) be provided in machine-readable format;
  • Versioning scheme used (e.g. major.minor[.fix]) and the compatibility guaranteed between different versions (e.g. backwards compatibility is guaranteed between minor versions but not for major);
  • Lifecycle policy applied to the service (e.g. to allow consumers to know that he is not investing on a soon to be retired service).

Example service consumption constraints:

  • The maximum number of requests per time window allowed for a service consumer.

Example security constraints:

  • Confidentiality:
    • Statement of the confidentiality offered by the service (e.g. message, transport, none…);
    • Elements of the payload whose confidentiality is required or provided (whole payload, body, specific sub-elements…);
    • Cryptographic algorithms and key sizes;
  • Integrity:
    • Statement of the integrity offered by the service (e.g. message, transport…);
    • Elements of the payload whose integrity is required or provided (whole payload, body, specific sub-elements…);
    • Cryptographic algorithms and key sizes;
  • Authentication:
    • Statement of the authentication mechanisms used on consumer and provider side;
    • Statement of the failed authentication constraints;
    • Identity tokens;
  • Authorisation:
    • Statement on the authorisation mechanism used;
    • Credentials used for the authorisation;
    • Levels of authorisation.

Note: Additional use conditions could be diplomatic, geographical reasons, safety criticality and fees to be paid, for instance.

Level of Implementation