
2.2.4 Discussion

The domain scope expressions used by the policies do not always distinguish between a single object and a domain object. Replacing a single object with a domain can therefore change the semantics of a policy unintentionally, as the following example shows: /linux_user is a single object and is used as the subject of a positive obligation policy. When the policy is triggered by an event, the action is executed with "exactly once" semantics. If /linux_user is replaced by a domain object specifying a number of Linux users, the actions of the policy will be executed several times. No information on whether this ambiguity has been considered could be found. It may be resolved using a special operator or by redefining an existing one, for instance by a @0 or *0 expression.
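The ambiguity can be reproduced with a toy model. The following Python sketch is an added example, not code from the thesis or from the policy notation it discusses; the class names, the event `disk_full`, the action `purge_tmp` and the user names are assumptions made for illustration. It resolves the same scope path once as a single object and once as a domain, and includes a small check that flags a policy whose subject no longer denotes exactly one object.

```python
# Added illustration: a toy domain service and obligation-policy trigger.
# All names here are hypothetical, not part of the policy notation itself.
from dataclasses import dataclass, field

@dataclass
class Domain:
    """A domain object: a container of member paths (objects or sub-domains)."""
    members: list = field(default_factory=list)

def resolve(scope, tree):
    """Expand a scope path to the managed objects it denotes.
    A plain object resolves to itself; a domain resolves to all of its
    members, recursively. The path alone does not reveal which case applies."""
    node = tree[scope]
    if not isinstance(node, Domain):
        return [scope]
    out = []
    for member in node.members:
        out.extend(resolve(member, tree))
    return out

@dataclass
class ObligationPolicy:
    subject: str  # domain scope expression
    event: str    # triggering event
    action: str   # action each subject performs

def trigger(policy, event, tree):
    """Positive obligation: every subject in scope performs the action."""
    if event != policy.event:
        return []
    return [(s, policy.action) for s in resolve(policy.subject, tree)]

def lint_exactly_once(policy, tree):
    """Return a warning if the subject scope is not exactly one object."""
    n = len(resolve(policy.subject, tree))
    if n == 1:
        return None
    return f"{policy.subject}: action '{policy.action}' would run {n} times"

policy = ObligationPolicy("/linux_user", "disk_full", "purge_tmp")

# Constructed sample 1: /linux_user is a single object.
single = {"/linux_user": "object"}
# Constructed sample 2: the same path, replaced by a domain of three users.
users = ["/linux_user/alice", "/linux_user/bob", "/linux_user/carol"]
as_domain = {"/linux_user": Domain(users), **{u: "object" for u in users}}

if __name__ == "__main__":
    print(trigger(policy, "disk_full", single))     # one execution
    print(trigger(policy, "disk_full", as_domain))  # three executions
    print(lint_exactly_once(policy, as_domain))
```

The policy text is identical in both runs; only the object behind the path changed, which is why the change is easy to miss without a check of this kind.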

Although the policy approach described above is very powerful, it still suffers from certain restrictions. Constraints other than access rights are not fully covered (e.g., "the last three passwords must not be reused"). In many cases there is probably a way to describe such constraints on the basis of permissions, but the meaning of the resulting set of policies is not easy to understand.

Additional actions for an enforcement failure can be specified only for positive obligation policies; in all other cases this is not possible. Management operations in particular must handle failures carefully. The time at which a policy fails cannot be specified either. The notation and semantics should be enhanced to allow this. In the remaining chapters of this thesis we will see that this expressiveness is important in order to support metapolicies.

Some aspects of the notation are not intuitive. For instance, positive obligation policies are triggered by events, whereas negative ones are not; negative obligation policies are only considered by subjects, negative authorisation policies are considered by the target's support system, and positive authorisation policies are used by both. All this may be a consequence of the initial research interest, which focused on access control.


Copyright Munich Network Management Team