This graphic shows 3 boxes each containing a policy set definition:

Policy Set 1. Name: domainExternal, Scope: Domain, Constraint: HTTPHeader("VIRTUAL_HOST_TYPE","external"), Policy Reference: oracle/wss11_saml_or_username_token_with_message_protection_service_policy

Policy Set 2. Name:domainInternal, Scope: Domain, Constraint: !HTTPHeader("VIRTUAL_HOST_TYPE","external"),Policy Reference: oracle/wss_saml_or_username_token_service_policy

Policy Set 3. Name: domainLog, Scope: Domain, Constraint: None (default), Policy Reference: oracle/log_policy

Beneath the three boxes is another long, thin box labeled Effective Policy Calculation. Policy Set 1 and Policy Set 2 each have arrows feeding into the Effective Policy Calculation box. Policy Set 3 is merged into the arrows for policy sets 1 and 2.

There are two arrows from the Effective Policy Calculation box pointing to two boxes beneath it that show the effective policies for external requests and the effective policies for non-external requests and requests with no constraints, respectively.

The effective policies for external requests are oracle/wss11_saml_or_username_token_with_message_protection_service_policy from Policy Set 1, domainExternal and oracle/log_policy from Policy Set 3, domainLog

The effective policies for non-external requests and requests with no constraint are oracle/wss_saml_or_username_token_service_policy from Policy Set 2, domainInternal and oracle/log_policy from Policy Set 3, domainLog.