I'm using policy based configuration for my services and using the 509 token profile. We use the same policy configuration and keystore for all of our services. All the rampart-samples and other examples I've seen inline the policy in the services.xml. This means that for each service in each services.xml I duplicate the policy and rampart config section. If I change anything about the policy or rampart config, I would need to change every service in every services.xml file.
Is there an existing way to externalize the policy and config while still using policy based configurations? Ideally, I'd be able to: 1. Reference an external policy within the services.xml (e.g. policy-ref similar to module-ref) at the servicegroup and service level. 2. A property in the rampart config section within the policy to set a 'config' callback handler that would be called to retrieve the rampart/wss4j configuration properties. It would be nice if this callback request included the service for which the configuration is be requested. The first is more important to me than the second, but I think both would offer valuable flexibility. Thanks, Bob
