Overview#

A Policy Decision Point (PDP) evaluates access requests against Authorization Policies before issuing access decisions.

The digital representation of the Policy is provided by the Policy Information Point to the Policy Decision Point, which then passes the decision to the Policy Enforcement Point, where the access is permitted or denied.

Obviously, in some systems all of these entities may reside within the same application on the same host.

RFC 2753#

Policy Decision Point (PDP): The point where policy decisions are made.

XACML#

The system entity that evaluates applicable policy and renders an authorization decision. This term is defined in a joint effort by the IETF Policy Framework Working Group and the Distributed Management Task Force (DMTF)/Common Information Model (CIM) in RFC3198. This term corresponds to "Access Decision Function" (ADF) in (ISO10181-3).

NIST#

The concept of Policy Decision Point (also known as Access Control Decision Function) is a locus where policy rules have been resolved, evaluated, and combined to yield a binary value for interpretation by a Policy Enforcement Point. The OASIS XACML standard defines Policy Decision Point and its implementation using the XACML language.

Generic#

A PDP is a component of policy-based management. When an entity tries to access a file or other resource on a network that uses policy-based access management, the Policy Enforcement Point (PEP) will describe the entity's attributes to other entities on the system. The PEP will give the PDP the job of deciding whether or not to authorize the user based on the description of the entity's attributes. Applicable policies are stored on the system and are analyzed by the PDP. The PDP makes its decision and returns it. The PEP will let the entity know whether or not it has been authorized to access the requested resource.
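The flow described above, as an added Python example that is not code from the original page or from any PDP product: the PEP describes the request's attributes, the PDP evaluates the applicable rules and combines them into a binary decision, and the PEP permits or denies. The rule set, the attribute names and the deny-overrides combining choice are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable

Request = dict  # attributes of subject, resource and action, as described by the PEP

@dataclass(frozen=True)
class Rule:
    effect: str                           # "Permit" or "Deny"
    target: Callable[[Request], bool]     # does this rule apply to the request?
    condition: Callable[[Request], bool]  # does the rule fire for this request?

# Constructed sample policy; in a deployment a Policy Information Point supplies it.
POLICY = [
    Rule("Permit", lambda r: r["resource"].startswith("/reports/"),
         lambda r: r["action"] == "read" and "analyst" in r["roles"]),
    Rule("Deny", lambda r: r["resource"].startswith("/reports/finance/"),
         lambda r: r["department"] != "finance"),
]

def pdp_decide(request: Request, policy=POLICY) -> bool:
    """PDP: resolve applicable rules, evaluate them, combine to a binary value."""
    effects = set()
    for rule in policy:
        if rule.target(request) and rule.condition(request):
            effects.add(rule.effect)
    # Deny-overrides combining (assumed); no applicable rule means not permitted.
    return "Permit" in effects and "Deny" not in effects

def pep_enforce(request: Request, decide=pdp_decide) -> str:
    """PEP: hand the attributes to the PDP, then permit or deny the access."""
    try:
        allowed = decide(request)
    except Exception:
        allowed = False  # fail closed: incomplete attributes or a failing PDP
    return "access permitted" if allowed else "access denied"
```

A request that lacks an attribute a rule needs raises inside the PDP, and the PEP treats that as a denial instead of letting the access through.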

This page (revision-16) was last changed on 07-Jul-2015 09:11 by jim