Is a rule service useful for anything other than access control decisions? XACML has a concept of Policy Information Point - essentially an interface to a collection of machine-readable policy documents. However, is this concept useful outside Authorization?

Some options:

1. Keep this service, rename it Policy, and tie it to XACML
2. Remove, and describe the function within Authorization as a dependency
3. Generalize this service to include authz policies, but also other types of policy
4. Remove any mention of authz policies, and describe the service entirely in terms of other rules

My gut feeling at the moment is (2) - this is a very specific type of function. Non-authz business rules are typically described in process terms as workflows.

I see also that this service has been removed from the OKI OSID stack.Possibly the same conclusion was reached there too.