This combining algorithm returns the first deny decision returned by the list of configured PDPs.

Steps: Invoke all configured PIPs in order.

1. Invoke each PDP in order.
2. If a PDP returns a deny, return decision.
3. If all PDPs return a permit, return permit.
4. If no PDPs provide a decision, return indeterminate.

Note that entity issuing the decision for each PDP is not considered, that is the resource owner is not matched with PDP decision issuer. Resource owner is used only when an indeterminate decision is returned, with no decision from any PDPs.