@cjcolvar
Created May 21, 2013 15:57
XACML policy combining algorithms (as described in some IBM documentation not the OASIS standard)
From the Dependent Policies Combining list, select the policy combining algorithm.
Deny Overrides
The deny-overrides policy-combining algorithm evaluates each policy in the order that it appears in the XACML policy set. If any policy in the set evaluates to deny, the policy combination evaluates immediately to deny. In other words, a single deny takes precedence over other policy evaluations. If all policies are determined to be NotApplicable, the policy combination evaluates to NotApplicable.
First Applicable
(Default) The first-applicable policy combining algorithm evaluates each policy in the order that it appears in the XACML policy set. For an individual policy, if the target (resource) evaluates to TRUE and the policy conditions evaluate unambiguously to permit or deny, evaluation is immediately halted, and the policy combination evaluates to the effect of that individual policy. If the individual policy evaluates the target as FALSE or the policy conditions as NotApplicable, then the next policy in the order is evaluated; if no further policy exists in the order, the policy combination evaluates to NotApplicable.
Only One Applicable
The only-one-applicable policy combining algorithm evaluates each policy in the order that it appears in the XACML policy set; unlike the other policy combining algorithms, only-one-applicable must evaluate all policies to render a final evaluation. If after evaluating all policies, no policy is considered applicable by virtue of its target (the requested resource), the policy combination evaluates to NotApplicable. If after evaluating all policies, more than one policy is considered applicable by virtue of its target, the policy combination evaluates to Indeterminate. If after evaluating all policies, only one single policy is considered applicable by virtue of its target, the policy combination evaluates to the result of evaluating that single policy.
Permit Overrides
The permit-overrides policy combining algorithm evaluates each policy in the order that it appears in the XACML policy set. If any policy in the set evaluates to permit, the policy combination evaluates immediately to permit. In other words, a single permit takes precedence over other policy evaluations. If all policies are determined to be NotApplicable, the policy combination evaluates to NotApplicable.
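The four descriptions above, turned into runnable code so the differences between them can be seen on one policy set. This is an added example, not code from the gist, from IBM or from the OASIS specification: the Policy/Request shapes, role names and resource paths are hypothetical simplifications, and where the text above leaves a case unspecified (a policy returning Indeterminate under deny-overrides, permit-overrides or first-applicable) the handling chosen here is an assumption and is marked as such in the code. The point a practitioner should take away is that the same policies give four different answers depending on the algorithm, and that under first-applicable the order of the policies alone flips the decision.

```python
"""XACML policy-combining algorithms implemented from the descriptions on this page.

Added example (not the gist's, IBM's or OASIS's code). Policy and request shapes are
hypothetical; Indeterminate handling is an assumption where the page's text is silent.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

PERMIT = "Permit"
DENY = "Deny"
NOT_APPLICABLE = "NotApplicable"
INDETERMINATE = "Indeterminate"

Request = Dict[str, Any]


@dataclass(frozen=True)
class Policy:
    # Hypothetical stand-in for an XACML <Policy>: a target predicate plus an
    # effect function that is only consulted when the target matches.
    name: str
    target: Callable[[Request], bool]
    effect: Callable[[Request], str]

    def applies(self, req: Request) -> bool:
        return self.target(req)

    def evaluate(self, req: Request) -> str:
        return self.effect(req) if self.applies(req) else NOT_APPLICABLE


def deny_overrides(policies: List[Policy], req: Request) -> str:
    saw_permit = saw_indeterminate = False
    for p in policies:
        d = p.evaluate(req)
        if d == DENY:
            return DENY  # a single Deny wins and evaluation stops here
        saw_permit = saw_permit or d == PERMIT
        saw_indeterminate = saw_indeterminate or d == INDETERMINATE
    if saw_indeterminate:
        return INDETERMINATE  # assumption: the page's text does not cover this case
    return PERMIT if saw_permit else NOT_APPLICABLE


def permit_overrides(policies: List[Policy], req: Request) -> str:
    saw_deny = saw_indeterminate = False
    for p in policies:
        d = p.evaluate(req)
        if d == PERMIT:
            return PERMIT  # a single Permit wins and evaluation stops here
        saw_deny = saw_deny or d == DENY
        saw_indeterminate = saw_indeterminate or d == INDETERMINATE
    if saw_indeterminate:
        return INDETERMINATE  # assumption, as in deny_overrides
    return DENY if saw_deny else NOT_APPLICABLE


def first_applicable(policies: List[Policy], req: Request) -> str:
    for p in policies:
        if not p.applies(req):
            continue  # target is FALSE: move on to the next policy
        d = p.effect(req)
        if d in (PERMIT, DENY):
            return d  # unambiguous result: halt immediately
        if d == INDETERMINATE:
            return INDETERMINATE  # assumption: an ambiguous result also halts
        # conditions evaluated to NotApplicable: fall through to the next policy
    return NOT_APPLICABLE


def only_one_applicable(policies: List[Policy], req: Request) -> str:
    # Applicability is judged by target alone, and every policy is examined.
    applicable = [p for p in policies if p.applies(req)]
    if not applicable:
        return NOT_APPLICABLE
    if len(applicable) > 1:
        return INDETERMINATE
    return applicable[0].effect(req)


ALGORITHMS = {
    "deny-overrides": deny_overrides,
    "first-applicable": first_applicable,
    "only-one-applicable": only_one_applicable,
    "permit-overrides": permit_overrides,
}


def decide_all(policies: List[Policy], req: Request) -> Dict[str, str]:
    return {name: alg(policies, req) for name, alg in ALGORITHMS.items()}


# Constructed sample policy set; the roles and paths are made up for this example.
POLICIES = [
    Policy("public-reports", lambda r: r["resource"].startswith("/reports/public/"), lambda r: PERMIT),
    Policy("staff-reports", lambda r: r["role"] == "staff" and r["resource"].startswith("/reports/"), lambda r: PERMIT),
    Policy("block-contractors", lambda r: r["role"] == "contractor", lambda r: DENY),
]

if __name__ == "__main__":
    req = {"role": "contractor", "resource": "/reports/public/summary.pdf"}
    for name, decision in decide_all(POLICIES, req).items():
        print(f"{name:<20} {decision}")
    # Same policies in reverse order: only first-applicable changes its answer.
    print("first-applicable (reversed order)", first_applicable(list(reversed(POLICIES)), req))
```

For a contractor requesting a public report, two policies apply with opposite effects: deny-overrides returns Deny, permit-overrides returns Permit, only-one-applicable returns Indeterminate because two targets matched, and first-applicable returns whichever of the two is listed first. That ordering sensitivity is why a policy set under first-applicable should be reviewed as a sequence, not as a bag of rules.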