[ws-sx] Comments on Security Policy and a Suggestion

["Ashok Malhotra" <ashok.malhotra@oracle.com>]

Recently, Prateek and I and our product folks started looking at SecurityPolicy
and we were dismayed by the breadth and the complexity.  I doubt that most people
could author Security Policies.  Also, it's not clear if the specification works -- in that
there may be practical situations that users want to express than cannot be expressed
by Security Policy.

So, I thought that what may be useful is to create a small number of usecases that
represent typical customer usages of security in Web Services.  Then we try and write 
Policies for these use cases and see what happens.  

I foresee two benefits from such an exercise:
- We will find bugs and other usage problems and validate the design.
- The resulting policies will be very useful and many users will just be
able to use these canned policies for their work.

I can try and write the policies but someone else needs to provide the usecases.

All the best, Ashok