How to configure a policy engine that is suitable to calculate risks based on attributes that have been collected from the user based on given access control. for instance Attribute based access control ?
XACML itself (the spec) and its alternatives (OPA, Oso, ...) do not tell you how to compute a risk score. There are risk score engines for that. For instance take into account user attributes e.g. age, years driving, alcohol level in your bloodstream... Policy engines need to know a risk score but the calculation of that score should be devolved to risk engines.
