This function allows the application to discover access control policies associated with the targeted object applied to a particular principal. It returns a list of rights that the principal is authorized for and corresponding conditions, if any. The application must understand the conditions that are returned unevaluated, or it must reject the request. If understood, the application checks the conditions against information about the request, the target object, or environmental conditions to determine whether the conditions are met. Actual enforcement of policies expressed through conditions is the responsibility of the application and is outside of the scope of this paper.