I would like to add a side note to Rich's great comment.
Many times, policy authors, when using targets, do not think about the fact an attribute is in fact a bag of attributes and can be multi-valued.
It means that if you write a target that says: "age > 20", what you have actually written is "if there is at least one value within the bag age greater than 20".
Now, we humans understand it is impossible to have more than a single age. But where is that validation check done? Is it even the policy's responsibility to validate attribute values? Would you want to use a condition to check that integerBagSize(age)==1?
Anyway, this is a different topic but it is worth keeping it in mind.