There are two issues with the current appliesTo processing in PolicyAppliesToBuilderImpl
1/ For each element that holds a policy set it calculates the appliesTo nodes and checks that the current element is in the set. If not the policySet is removed from the element. The problem here is that it's checking the reference, service and binding nodes when it should be checking the endpoint and endpointreference nodes which hold the aggregated set of policy sets at this point
2/ The spec says.
400 policySet will apply to any child binding or implementation elements returned from the expression. So, for
401 example, appliesTo="//binding.ws" will match any web service binding. If
402 appliesTo="//binding.ws[@impl='axis']" then the policySet would apply only to web service bindings that
403 have an @impl attribute with a value of 'axis'."
Is not clear here if a policy set can appliesTo a service, reference or component element, rather than a binding or implementation element, in the expectation that it will be pushed down to the children. I can understand this being the case for attachTo but I don't understand why that would be needed for appliesTo.