NOTE ADDED 10/11/08: For the most up-to-date info on wildcards see the following link:

In my previous blog entry, Wildcards for OpenSSO, I provided the write up I plan to include for OpenSSO documentation. I got some feedback. One piece of feedback came in the form of a blog comment at the end of the entry. I responded to that comment with my own comment. The other piece of feedback had to do with query strings in URLs, and that comment came in the form of an email message through the following mailing list: users@opensso.dev.java.net. Obviously, I'm subscribed to that mailing list.

In fact, when I submit a new blog entry, I often send an email message to that mailing list. This is a great community approach that I picked up from other Sun bloggers. When it comes to feedback, I feel that comments on the blog are actually better because people who haven't  subscribed to the mailing list still can see the comment. All the same, the mailing list is great. I feel that the OpenSSO community is really starting to gel. It's easier than ever to interact with the community now. Anyway, the following link is to various OpenSSO related mailing lists:

https://opensso.dev.java.net/servlets/ProjectMailingListList

The "users" mailing list has a lot of activity. To sign up to one of the mailing lists, you first need to register to the OpenSSO project. You can also do that from the link listed above.

All right then, for the the comment I received about query strings, I wrote up a couple of short paragraphs that I'll add to my wildcard write up. I've added those paragraphs below. Leave a comment if you have anything you can add or suggest for these two extra paragraphs.

Handling Resources That Contain Query Strings:

Some resources use a query string, which is the part of a URL that contains data to be passed to web applications. The following is a feasible example of a URL that contains a query string: http://AgentHost/path/app?query-string. The question mark (?) is the separator. It is not part of the query string. Many scenarios exist in which query strings might be used. They can be used for personalization of the user's session. Sometimes an application might add some locale information for a page request. The following example demonstrates the use of such locale information:
http://AgentHost.com:8080/sampleapp/main.jsp?language=en&country=US.

Neither the multi-level wildcard (*) nor the one-level wildcard (-*-) match the question mark. Therefore, to define a policy resource that can handle the question mark, use the multi-level wildcard on both sides of a question mark, as follows: *?* (asterisk-question mark-asterisk).