Overview#Policy Decision Point or PDP evaluates access requests against Authorization Policies before issuing access decisions.
The digital representation of the Policy is provided by the policy Information Point to the policy Decision Point which then passes the decision to the Policy Enforcement Point where the access is permitted or denied.
Obviously in some systems, all of the entities:
XAML#The system entity that evaluates applicable policy and renders an authorization decision. This term is defined in a joint effort by the IETF Policy Framework Working Group and the Distributed Management Task Force (DMTF)/Common Information Model (CIM) in RFC3198. This term corresponds to "Access Decision Function" (ADF) in (ISO10181-3). Policy Enforcement Point. The OASIS XACML standard defines Policy Decision Point and its implementation using the XACML language.
Generic#PDP is a component of policy-based management. When an entity tries to access a file or other resource on a network that uses policy-based access management, the (PEP) will describe the entity's attributes to other entities on the system. The PEP will give the PDP the job of deciding whether or not to authorize the user based on the description of the entity's attributes. Applicable policies are stored on the system and are analyzed by the PDP. The PDP makes it's decision and returns the decision. The PEP will let the entity know whether or not he has been authorized to access the requested resource.
More Information#There might be more information for this subject on one of the following:
- Access Control
- Access Control Models
- Authorization Server
- Common Open Policy Service
- DirXML and Oracle (OID)
- Entitlement Example
- Glossary Of LDAP And Directory Terminology
- Intruder Detection
- Intruder Lockout Check
- Locked Account Check
- Locked By Intruder
- Policy Based Management System
- Policy Decision Point
- Policy Enforcement Point
- Policy Information Point
- User-Managed Access
- Web Blog_blogentry_020117_1