Communication between various computing devices (e.g., personal computers, server computers, mobile devices) is increasingly commonplace in a number of network environments, such as, e.g., the Internet and corporate intranets to name only a few examples. Often, these computing devices are configured for communication in accordance with preferred or even required formats. As an illustration, a commercial web site may require a user's computer to comply with one or more assertions before the user is granted access to the payment web pages. These assertions may be specified in one or more policies and may be either general or security related. For example, an assertion may require that incoming messages be encoded according to a particular encryption scheme for security purposes, or that incoming messages be formatted using a particular compression scheme to facilitate efficient transaction processing.
The user's computer, or client, may request a copy of a policy from a host (e.g., a server at the commercial website). The client reads the assertions included in the policy and complies with one or more of the assertions to communicate with or access resources via the host. The client may also store a copy of the policy in a cache so that the client does not have to request another copy of the policy the next time the client communicates with the host. However, policies may be changed (e.g., to implement updated encryption schemes). Accordingly, a client that is using an “old” policy from cache may no longer be complying with valid assertions when attempting to communicate with or access resources via the host.
If the client is not complying with valid assertions, the host may simply ignore messages from the client. Optionally, the host may issue an error message. However, these error messages are also used to indicate other types of errors. For example, an “invalid action” message may also be issued in response to the client attempting to access a resource that does not exist. An “invalid security” message may also be issued in response to the client submitting improper security credentials. These messages do not indicate to the client that the cached policy is invalid, and the client may continue to use the cached policy, albeit unsuccessfully.