How do service policy semantics really work?

Is there a default semantic for bind or dial policies or both?

Does the AnyOf and AllOf semantic apply to the serviceRoles property or the identityRoles property only or both?

The default semantic for all policies is AllOf. The semantic applies to both roles on a policy. Having per-role semantics is something we would consider if we came across a use case for it.
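
A simplified model of the rule in the answer above, added here as an illustration; it is not OpenZiti's own code and not part of the original reply. It shows one semantic per policy, defaulting to AllOf, being applied to both identityRoles and serviceRoles. The class and function names, the sample identities and services, and the treatment of roles as plain `#attribute` tags are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ServicePolicy:
    name: str
    identity_roles: frozenset
    service_roles: frozenset
    semantic: str = "AllOf"  # default semantic, per the answer above

def roles_match(policy_roles, entity_attrs, semantic):
    """Apply the policy's semantic to one role list (hypothetical helper)."""
    wanted = {r.lstrip("#") for r in policy_roles}
    if not wanted:
        return False  # assumption: an empty role list selects nothing
    if semantic == "AllOf":
        return wanted <= entity_attrs        # entity must carry every role
    if semantic == "AnyOf":
        return bool(wanted & entity_attrs)   # one shared role is enough
    raise ValueError(f"unknown semantic: {semantic}")

def granted_pairs(policy, identities, services):
    """Return the sorted (identity, service) pairs the policy covers.

    The same policy.semantic is used for both role lists; there is no
    per-role semantic.
    """
    ids = [n for n, attrs in identities.items()
           if roles_match(policy.identity_roles, attrs, policy.semantic)]
    svcs = [n for n, attrs in services.items()
            if roles_match(policy.service_roles, attrs, policy.semantic)]
    return sorted((i, s) for i in ids for s in svcs)

# Constructed sample data: entity name -> role attributes.
IDENTITIES = {"alice": {"sales", "us"}, "bob": {"sales"}, "carol": {"support"}}
SERVICES = {"crm": {"internal", "web"}, "wiki": {"web"}}

def demo():
    """Evaluate the same role lists under the default and under AnyOf."""
    roles = dict(identity_roles=frozenset({"#sales", "#us"}),
                 service_roles=frozenset({"#internal", "#web"}))
    all_of = ServicePolicy("dial-default", **roles)
    any_of = ServicePolicy("dial-any", semantic="AnyOf", **roles)
    return (granted_pairs(all_of, IDENTITIES, SERVICES),
            granted_pairs(any_of, IDENTITIES, SERVICES))

if __name__ == "__main__":
    for label, pairs in zip(("AllOf", "AnyOf"), demo()):
        print(label, pairs)
```

With identical role lists, switching the semantic to AnyOf widens both sides of the policy at once, which is the thing to review when auditing who can reach which service.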