In the simplistic cases, often the authorization policy management is done using the provided tooling. OPSS provided tooling in the form of EM(GUI) and WLST (script) to manage policy.
For more advanced needs, OPSS also provides API for programmatic policy management.The Policy API is protected by codesource permission. Hence applications using the API will need to have the required permission. See the example 188.8.131.52 in FMW Security guide on the code necessary to use the API. What the example assumes is that proper policy access permission is granted before hand. I.e the application code running the example has PolicyStoreAccessPermission( "context=APPLICATION,name=applicationStripe" , "grant")
Here is the example of OPSS WLST command that needs to be run to grant the requirement Permission. Replace all bold entries with values appropriate for your environment. The first entry is the path to the application jar that is making the programmatic API call, the second bold entry is the application stripe.
grantPermission -codeBaseURL "file:/scratch/foo/abc.jar" -permClass oracle.security.jps.service.policystore.PolicyStoreAccessPermission -permTarget "context=APPLICATION,name=myAppName" -permActions "grant"
See this link for details on running FMW WLST commands.
There are two basic ways an application can use the example 184.108.40.206. One is to modify the application policy for itself, the other is to modify the application policy for another application.
The later might be the case when you have authorization management of the application structured as another application. In the second case, the code source for the second application needs to be granted the PolicyStoreAccess permission.