It is desired to do SPD lookups based upon UDP/TCP port numbers (source and destination) as well as source and destination address.
In addition, for hosts a lookup based upon Unix UID should be possible.
For gateways, it is also desirable to do lookup based upon IPSO labels.