A policy alternative is a potentially empty collection of
assertions.] An alternative with zero assertions indicates no
behaviors. An alternative with one or more assertions indicates
behaviors implied by those, and only those assertions. [Definition:
A policy vocabulary is the set of all
policy assertion types
of the assertions contained
within a policy.
The assertion types of the
assertions that are contained within nested policy expressions (if
any) in the assertions contained within the policy are not part of
the policy vocabulary.] [Definition:
A policy alternative vocabulary is the set of all
policy assertion types
of the assertions that are contained within the
assertion types of the assertions that are contained within nested
policy expressions (if any) in the assertions contained within the
policy alternative are not part of the policy alternative
vocabulary.] When an assertion whose type is part of the
policy's vocabulary is not included in a policy alternative, the
policy alternative without the assertion type indicates that the
assertion will not be applied in the context of the attached policy
subject. See the example in Section
4.3.1 Optional Policy
Policy intersection is useful when two or more parties express policy and want to limit the policy alternatives to those that are mutually compatible. For example, when a requester and a provider express requirements on a message exchange, intersection identifies compatible policy alternatives (if any) included in both requester and provider policies. Intersection is a commutative function that takes two policies and returns a policy. There are two modes for intersection: strict and lax. How the mode is selected or indicated for the policy intersection is outside the scope of this specification.
Because the set of behaviors indicated by a policy alternative depends on the domain-specific semantics of the collected assertions, determining whether two policy alternatives are compatible generally involves domain-specific processing. If a domain-specific intersection processing algorithm is required this will be known from the QNames of the specific assertion types involved in the policy alternatives. As a first approximation, an algorithm is defined herein that approximates compatibility in a domain-independent manner:
Assertion parameters are not part of the compatibility determination defined herein but may be part of other, domain-specific compatibility processing.
If the mode is lax, two policy alternatives A and B are compatible:
If two alternatives are compatible, their intersection is an alternative containing all of the assertions in both alternatives.