Is a rule service useful for anything other than access control decisions? XACML has a concept of Policy Information Point - essentially an interface to a collection of machine-readable policy documents. However, is this concept useful outside Authorization?
Keep this service, rename it Policy, and tie it to XACML
Remove, and describe the function within Authorization as a dependency
Generalize this service to include authz policies, but also other types of policy
Remove any mention of authz policies, and describe the service entirely in terms of other rules
My gut feeling at the moment is (2) - this is a very specific type of function. Non-authz business rules are typically described in process terms as workflows.
I see also that this service has been removed from the OKI OSID stack.Possibly the same conclusion was reached there too.