[OTDev] A&A: precautions against pre-registering resources

Andreas Maunz andreas at maunz.de
Mon Jun 28 13:28:22 CEST 2010


Dear all,

I propose to make the A&A policy webservice more secure by checking availability of resource URIs at policy upload time.

This is to tackle the issue of "pre-registration", i.e., to stop an attacker from registering arbitrary "promising" resource URIs (not under his control), by enforcing that every URI in a policy is actually reachable. Being "reachable" means that the webservice at the corresponding URI reacts by returning an arbitrary return code other than "404 (not found)".

If nothing speaks against that I will add the functionality within the next few days. Please tell me if you hold a different view on the issue.

Best regards
Andreas
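The check described in the message, as an added illustration that is not code from the OpenTox project or from the author of the mail: every resource URI found in an uploaded policy is probed, and the upload is rejected if any URI answers 404 or does not answer at all. The policy snippet, the `example.org` URIs and the `make_stub_status` table are constructed for the example; `http_status` is the real probe (an HTTP HEAD via `urllib`) and is swapped for the stub so the example runs offline.

```python
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple

# Constructed sample policy: a simplified XACML-like document, not an
# OpenTox artifact. The third resource is meant to be "promising but absent".
SAMPLE_POLICY = """
<Policy>
  <Target>
    <Resource>http://example.org/dataset/1</Resource>
    <Resource>http://example.org/model/7</Resource>
    <Resource>http://example.org/model/9999</Resource>
  </Target>
</Policy>
"""

URI_RE = re.compile(r'https?://[^\s"<>]+')

# Report entry per URI: (HTTP status code, accepted?). Code 0 means no response.
Report = Dict[str, Tuple[int, bool]]


def extract_resource_uris(policy_text: str) -> List[str]:
    """Collect every http(s) URI in the uploaded policy, deduplicated and sorted."""
    return sorted(set(URI_RE.findall(policy_text)))


def http_status(uri: str, timeout: float = 5.0) -> int:
    """Probe a URI with HEAD; return its status code, or 0 if it never answers."""
    req = urllib.request.Request(uri, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        # 401/403/405 etc. all prove the service reacts; only the code matters.
        return err.code
    except (urllib.error.URLError, OSError):
        return 0


def make_stub_status(table: Dict[str, int]) -> Callable[[str], int]:
    """Offline stand-in for http_status: unknown URIs behave as unreachable."""
    return lambda uri: table.get(uri, 0)


def check_policy_uris(policy_text: str,
                      status_of: Callable[[str], int] = http_status) -> Report:
    """Per the proposal: a URI passes if the service answers with anything but 404.
    A URI that does not answer at all is also refused, since no service "reacted"."""
    report: Report = {}
    for uri in extract_resource_uris(policy_text):
        code = status_of(uri)
        report[uri] = (code, code != 0 and code != 404)
    return report


def validate_policy(policy_text: str,
                    status_of: Callable[[str], int] = http_status) -> Tuple[bool, Report]:
    """Accept the upload only if every resource URI in it passed the probe."""
    report = check_policy_uris(policy_text, status_of)
    return all(ok for _, ok in report.values()), report


if __name__ == "__main__":
    # Constructed responses: dataset/1 exists, model/7 is protected (401, still
    # reachable), model/9999 does not exist.
    stub = make_stub_status({
        "http://example.org/dataset/1": 200,
        "http://example.org/model/7": 401,
        "http://example.org/model/9999": 404,
    })
    accepted, report = validate_policy(SAMPLE_POLICY, status_of=stub)
    for uri, (code, ok) in report.items():
        print(f"{uri}: {code} -> {'ok' if ok else 'rejected'}")
    print("policy accepted" if accepted else "policy rejected")
```

Running it with the stub rejects the policy because of the 404 on `model/9999`, while the 401 on `model/7` counts as reachable, matching the "any code other than 404" rule from the mail. In deployment `status_of` is left at its default so the service actually probes the URIs at upload time.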


