3.2 Policy Alternative

[Definition: A policy alternative is a potentially empty collection of policy assertions.] An alternative with zero assertions indicates no behaviors. An alternative with one or more assertions indicates behaviors implied by those, and only those, assertions. [Definition: A policy vocabulary is the set of all policy assertion types of the assertions contained within a policy. The assertion types of the assertions that are contained within nested policy expressions (if any) in the assertions contained within the policy are not part of the policy vocabulary.] [Definition: A policy alternative vocabulary is the set of all policy assertion types of the assertions that are contained within the policy alternative. The assertion types of the assertions that are contained within nested policy expressions (if any) in the assertions contained within the policy alternative are not part of the policy alternative vocabulary.] When an assertion whose type is part of the policy's vocabulary is not included in a policy alternative, the policy alternative without the assertion type indicates that the assertion will not be applied in the context of the attached policy subject. See the example in Section 4.3.1 Optional Policy Assertions.

...

4.5 Policy Intersection

Policy intersection is useful when two or more parties express policy and want to limit the policy alternatives to those that are mutually compatible. For example, when a requester and a provider express requirements on a message exchange, intersection identifies compatible policy alternatives (if any) included in both requester and provider policies. Intersection is a commutative function that takes two policies and returns a policy. There are two modes for intersection: strict and lax. How the mode is selected or indicated for the policy intersection is outside the scope of this specification.

Because the set of behaviors indicated by a policy alternative depends on the domain-specific semantics of the collected assertions, determining whether two policy alternatives are compatible generally involves domain-specific processing. If a domain-specific intersection processing algorithm is required, this will be known from the QNames of the specific assertion types involved in the policy alternatives. As a first approximation, an algorithm is defined herein that approximates compatibility in a domain-independent manner:

  • Two policy assertions are compatible if they have the same type and
  • If either assertion contains a nested policy expression, the two assertions are compatible if they both have a nested policy expression and the alternative in the nested policy expression of one is compatible with the alternative in the nested policy expression of the other.

Assertion parameters are not part of the compatibility determination defined herein but may be part of other, domain-specific compatibility processing.

  • If the mode is strict, two policy alternatives A and B are compatible:
    • if each assertion in A is compatible with an assertion in B, and
    • if each assertion in B is compatible with an assertion in A.

  • If the mode is lax, two policy alternatives A and B are compatible:

    If two alternatives are compatible, their intersection is an alternative containing all of the assertions in both alternatives.

  • Two policies are compatible if an alternative in one is compatible with an alternative in the other. If two policies are compatible, their intersection is the set of the intersections between all pairs of compatible alternatives, choosing one alternative from each policy. If two policies are not compatible, their intersection has no policy alternatives. The vocabulary of the intersection is the union of the policy vocabularies of the two compatible policies.
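As an added example, not part of the WS-Policy specification text, the following Python model implements the domain-independent intersection algorithm above in strict mode, together with the policy vocabulary definition from Section 3.2. The class names, the QName strings and the sample requester and provider policies are constructed for illustration; the model assumes nested policy expressions are in normal form, so each assertion carries at most one nested alternative, and it omits lax mode because this excerpt does not state its conditions.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Assertion:
    """A policy assertion identified by its type (a QName, kept as a string).
    `nested` is the single alternative of the assertion's nested policy
    expression, or None when the assertion has no nested policy
    (normal-form assumption made for this example)."""
    qname: str
    nested: Optional["Alternative"] = None


@dataclass(frozen=True)
class Alternative:
    """A possibly empty collection of assertions (Section 3.2)."""
    assertions: Tuple[Assertion, ...] = ()


@dataclass
class Policy:
    """A policy in normal form: a collection of alternatives."""
    alternatives: List[Alternative]


def assertions_compatible(a: Assertion, b: Assertion) -> bool:
    # Same assertion type is required; assertion parameters are ignored,
    # exactly as the domain-independent algorithm prescribes.
    if a.qname != b.qname:
        return False
    # If either assertion has a nested policy, both must have one and the
    # nested alternatives must themselves be compatible.
    if a.nested is not None or b.nested is not None:
        if a.nested is None or b.nested is None:
            return False
        return alternatives_compatible(a.nested, b.nested)
    return True


def alternatives_compatible(x: Alternative, y: Alternative) -> bool:
    """Strict mode: every assertion in each alternative needs a compatible
    assertion in the other. Two empty alternatives are trivially compatible."""
    x_covered = all(any(assertions_compatible(a, b) for b in y.assertions) for a in x.assertions)
    y_covered = all(any(assertions_compatible(b, a) for a in x.assertions) for b in y.assertions)
    return x_covered and y_covered


def intersect_alternatives(x: Alternative, y: Alternative) -> Alternative:
    # The intersection keeps all assertions of both alternatives.
    return Alternative(x.assertions + y.assertions)


def intersect_policies(p: Policy, q: Policy) -> Policy:
    """Intersection of every compatible pair (one alternative from each policy).
    An empty result means the two policies are not compatible."""
    result = []
    for x in p.alternatives:
        for y in q.alternatives:
            if alternatives_compatible(x, y):
                result.append(intersect_alternatives(x, y))
    return Policy(result)


def vocabulary(p: Policy) -> Set[str]:
    """Policy vocabulary: top-level assertion types only; types that appear
    solely inside nested policy expressions are excluded (Section 3.2)."""
    return {a.qname for alt in p.alternatives for a in alt.assertions}


def intersection_vocabulary(p: Policy, q: Policy) -> Set[str]:
    """The vocabulary of an intersection is the union of both vocabularies,
    even when the surviving alternatives omit some of those types."""
    return vocabulary(p) | vocabulary(q)


# Constructed sample policies (QNames are illustrative, not normative).
HTTPS = Alternative((Assertion("sp:HttpsToken"),))
TRANSPORT = Assertion("sp:TransportBinding", nested=HTTPS)
ADDRESSING = Assertion("wsam:Addressing")
SYMMETRIC = Assertion("sp:SymmetricBinding")

REQUESTER = Policy([Alternative((TRANSPORT,)), Alternative((TRANSPORT, ADDRESSING))])
PROVIDER = Policy([Alternative((TRANSPORT,)), Alternative((SYMMETRIC,))])

if __name__ == "__main__":
    both = intersect_policies(REQUESTER, PROVIDER)
    print("compatible alternatives:", len(both.alternatives))
    print("intersection vocabulary:", sorted(intersection_vocabulary(REQUESTER, PROVIDER)))
```

Only the transport-only alternatives survive: the requester's second alternative requires wsam:Addressing, which no provider alternative offers, so in strict mode it is discarded. The vocabulary of the intersection is still the union of both vocabularies, so an alternative of the intersection that lacks wsam:Addressing or sp:SymmetricBinding signals that those behaviors will not be applied, as Section 3.2 describes; sp:HttpsToken, appearing only inside a nested policy, is never part of the vocabulary.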

...