For example, a system might deny access to a resource to anyone who has a claim with a type of Age, a right of PossessProperty, and a resource value of Under 21 only when that identity also has a claim of type Name, a right of Identity, and a resource value of Mallory. Put another way, the system denies access to anyone who is under 21 years old and grants access when the name is Mallory. To correctly implement this semantic, it is important to look for the Age claim first and determine whether the age is under 21 years old. Otherwise, if Mallory is under 21, then the resource may be granted access solely on the basis of the Name claim.