WS-Policy is public. This spec is significant as it is a step towards separating message content declaration (aka "what we have now in WSDL") from the services and QoS declaration. There are also significant new specs around WS-Security. WS-Trust and WS-SecureConversation are specifically interesting for things as those that I have been doing with my Kerberos integration with WS-Security, because it provides a framework for establishing trust relationships and secure, "connection-like" bidirectional conversations (and not only one-shot messages).