I'd use seperate policies because it keeps it simpler - your code will otherwise be a nest of if/else statements and wrappers Think about if you have different virtual servers...each will have auth/autz/acct but you may want different things.... alan