5.7.1 General Guidelines

The Policy attachment mechanism used to communicate the policy assertions should not affect or imply additional semantics in the interpretation of Policy alternatives. If it did, each policy assertion would need to be written with different (and possibly unknown) attachment mechanisms in mind. Since multiple attachment mechanisms may be used, a policy alternative created during the process of calculating an effective policy can contain multiple instances of the same policy assertion type ( i.e., the SignedParts assertion). It is therefore also important for the policy authors to define what it means if multiple assertions are present.

Although a policy assertion may be constrained to a specific set of policy subjects by Assertion Authors, its semantics should not be dependent upon the mechanism by which the policy expression is attached to a given policy subject. For instance, an assertion "Foo" has the same semantics when attached to an operation policy subject regardless of whether it was attached using XML element policy attachment or the external URI attachment mechanism. Independence from a specific attachment mechanism allows policy tools to choose the most appropriate mechanism to attach a policy without having to analyze the contents of the policy.

For example, a security policy expression can be assigned a key reference and be attached to a UDDI binding or can be embedded in a WSDL document.

Since multiple attachment mechanisms may be used, a policy alternative created during the process of calculating an effective policy can contain multiple instances of the same policy assertion type ( i.e., the SignedParts assertion). It is therefore also important for the policy authors to define what it means if multiple assertions are present.