3.4 Policies of Entities in a Web Services Based System

Applied to a Web services based system, policy is used to convey conditions on an interaction between entities (requester application, provider service, Web infrastructure component, etc.). An interaction involves one or more message exchanges between two entities. It is the responsibility of assertion authors to define the interaction scope of an assertion, including any constraints on the policy subjects to which the assertion may be attached and a clear specification of the message(s) within that interaction scope to which the assertion applies.

Any entity in a Web services based system may expose a policy to convey conditions under which it functions. Satisfying assertions in the policy usually results in behavior that reflects these conditions. For example, if two entities - requester and provider - expose their policies, a requester might use the policy of the provider to decide whether or not to use the service. A requester MAY choose any alternative since each is a valid configuration for interaction with the service, but a requester MUST choose only a single alternative for an interaction with a service since each represents an alternative configuration.

A policy assertion is supported by an entity in the Web services based system if and only if the entity satisfies the requirement (or accommodates the capability) corresponding to the assertion. A policy alternative is supported by an entity if and only if the entity supports all the assertions in the alternative. And, a policy is supported by an entity if and only if the entity supports at least one of the alternatives in the policy. Note that although policy alternatives are meant to be mutually exclusive, it cannot be decided in general whether or not more than one alternative can be supported at the same time.

Note that an entity may be able to support a policy even if the entity does not understand the type of each assertion in the vocabulary of the policy; the entity only has to understand the type of each assertion in the vocabulary of a policy alternative the entity supports. This characteristic is crucial to versioning and incremental deployment of new assertions because this allows a provider's policy to include new assertions in new alternatives while allowing entities to continue to use old alternatives in a backward-compatible manner.
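The support rules in the two preceding paragraphs can be checked mechanically. The following Python sketch is an added example, not part of the specification text: it evaluates a constructed provider policy in normal form against the set of assertion types a requester supports. It assumes assertions are compared by QName only (nested policy and parameters are ignored), that `new:TokenBinding` is a hypothetical assertion in a made-up namespace, and that picking the first supported alternative is an acceptable selection rule.

```python
import xml.etree.ElementTree as ET

WSP = "http://www.w3.org/ns/ws-policy"
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
NEW = "urn:example:new-assertions"  # hypothetical namespace (constructed)

# Constructed provider policy in normal form: an old alternative and a
# newer one that adds an assertion type older requesters do not know.
PROVIDER_POLICY = f"""
<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}" xmlns:new="{NEW}">
  <wsp:ExactlyOne>
    <wsp:All><sp:TransportBinding/></wsp:All>
    <wsp:All><sp:AsymmetricBinding/><new:TokenBinding/></wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
"""

def alternatives(policy_xml):
    """Return each alternative as a list of assertion QNames ('{ns}local')."""
    root = ET.fromstring(policy_xml)  # use a hardened parser for untrusted input
    if root.tag != f"{{{WSP}}}Policy":
        raise ValueError("not a wsp:Policy element")
    exactly_one = root.find(f"{{{WSP}}}ExactlyOne")
    if exactly_one is None:
        raise ValueError("policy is not in normal form")
    return [[a.tag for a in alt] for alt in exactly_one.findall(f"{{{WSP}}}All")]

def supported_alternatives(policy_xml, supported_types):
    """Indices of alternatives in which the entity supports every assertion."""
    return [i for i, alt in enumerate(alternatives(policy_xml))
            if all(qname in supported_types for qname in alt)]

def supports_policy(policy_xml, supported_types):
    """A policy is supported iff at least one alternative is supported."""
    return bool(supported_alternatives(policy_xml, supported_types))

def choose_alternative(policy_xml, supported_types):
    """Pick exactly one alternative for an interaction (first supported,
    an assumption of this example); None if the policy is unsupported."""
    hits = supported_alternatives(policy_xml, supported_types)
    return hits[0] if hits else None

OLD_REQUESTER = {f"{{{SP}}}TransportBinding"}
NEW_REQUESTER = OLD_REQUESTER | {f"{{{SP}}}AsymmetricBinding", f"{{{NEW}}}TokenBinding"}

if __name__ == "__main__":
    print(supported_alternatives(PROVIDER_POLICY, OLD_REQUESTER))
    print(supported_alternatives(PROVIDER_POLICY, NEW_REQUESTER))
```

The old requester never needs to understand `new:TokenBinding`: it still supports the policy through the first alternative, while a requester that knows only `sp:AsymmetricBinding` supports neither alternative and must not proceed.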