Title: RE: Policies with No Subject I am working on a paper that will describe my ideas more fully, but briefly here is the argument. Policy evaluation has two phases. 1. identifying the policies that apply to particular request 2. execute the policy evaluation algorithm There is a somewhat arbitrary choice of which inputs to apply to each phase. However, since resources are distributed and control is federated it makes sense to organize them by the resources they apply to, so that they can be located physically close to the resources and their administrators. This suggests that resource and closely related items such as action must always be specified, so it is possible to determine which policies apply. Privilege is something I consider to be completely synthetic and may not necessarily even be present in a policy model at all. For example, the AssureAccess policy model does not currently contain the notion. We map to resources and actions. Privilege, as it is typically used, is actually a target aggregator, in the same way group is a subject aggregator. A priviledge is a shorthand name for some collection of resources and methods that are considered to be similar from an access control perspective. Hal