SwitchYard's SecurityPolicy defines 3 intents: confidentiality, clientAuthentication, and authorization. Previously, all 3 were marked as interaction policy types. However, according to the spec, "authorization" is actually an implementation policy type. As of SWITCHYARD-1729, the runtime has been fixed to re-align to this.

The tooling needs to change to. When checking the checkboxes for the security policies, the confidentiality and clientAuthentication selections can remain as attributes being added to the space-delimited value of the requires attribute of the service element. However, when checking the authorization policy, it should be added to the space-delimited value of the requires attribute of the implementation.[impl] element (where "[impl]" could be bean, for example).

Here is an example from SWITCHYARD-1729's new policy-security-basic-propagate quickstart:

<composite xmlns="http://docs.oasis-open.org/ns/opencsa/sca/200912" name="policy-security-basic-propagate" targetNamespace="urn:switchyard-quickstart-demo:policy-security-basic-propagate:0.1.0">
<service name="WorkService" promote="WorkService">
<interface.wsdl interface="META-INF/WorkService.wsdl#wsdl.porttype(WorkService)"/>
<binding.soap xmlns="urn:switchyard-component-soap:config:1.0">
<wsdl>META-INF/WorkService.wsdl</wsdl>
<contextPath>policy-security-basic-propagate</contextPath>
</binding.soap> </service>
<component name="WorkService">
<implementation.bean xmlns="urn:switchyard-component-bean:config:1.0" class="org.switchyard.quickstarts.demo.policy.security.basic.propagate.WorkServiceBean" requires="authorization"/>
<service name="WorkService" requires="confidentiality clientAuthentication">
<interface.java interface="org.switchyard.quickstarts.demo.policy.security.basic.propagate.WorkService"/>
</service>
<reference name="BackEndService">
<interface.java interface="org.switchyard.quickstarts.demo.policy.security.basic.propagate.BackEndService"/>
</reference> </component>
<component name="BackEndService">
<implementation.bean xmlns="urn:switchyard-component-bean:config:1.0" class="org.switchyard.quickstarts.demo.policy.security.basic.propagate.BackEndServiceBean" requires="authorization"/>
<service name="BackEndService" requires="confidentiality clientAuthentication">
<interface.java interface="org.switchyard.quickstarts.demo.policy.security.basic.propagate.BackEndService"/>
</service>
</component>
</composite>

You can see that requires="confidentiality clientAuthentication" is on the service element, and requires="authorization" is on the implementation.bean element.