How does XACML handle policy conflicts? If the PAP (policy administration point) has two different <policy> elements in two policy.xml files included where two policies have the same Target, which one will be evaluated? Both policies are self-contained in <policy> in different files.
If both <policy> elements are inside a <PolicySet> it would use PolicyCombiningAlgId. But as they exist isolate how does a XACML engine handle this?
(note: I cleaned your question up because you had quite a few XACML inaccuracies).
There are 2 ways to resolve conflicts in XACML. These are:
Your question relates most specifically to the case you have configured a Policy Decision Point (PDP) (and not a PAP as you wrote) with several policies. Which one wins? Since none of them are wrapped, there aren't any combining algorithms to choose from. This behavior is not defined in the XACML standard and will depend on the XACML engine you use.
The Axiomatics XACML engine, for instance, forces you to always choose a root policy (set), i.e. a policy (set) which the engine will consider as its entry point. Any other policies passed to the PDP will only be used if the root policy references them.
If you want to learn more about combining algorithms, check out this blog post I recently wrote.