Currently the RZ10 parameters are "global" for the whole system and all users.
For different use cases of clients and groups of users, it would be usefull to be able to assign different security policies to them depending on their role or risk. For example strength of password vs. frequency of changes, or the behaviour of keeping, changing or deleting the password when SSO is used, etc.
Update: Please see the comments by Wolfgang Janzen. Related notes will be added when available.