Overview
The Policy Enforcement Point (PEP) is where the policy is actually enforced.
The digital representation of the policy is provided by the Policy Information Point to the Policy Decision Point, which then passes the decision to the Policy Enforcement Point, where the access is permitted or denied.
Obviously in some systems, all of the entities:
Password Policies
For password policies, each point where an entry is permitted to change their password should be able to enforce the password policy.
When performing Consistent Sign On, this implies that the point at which the password is changed should be able to enforce the same password policy that is used for the entire organization. Typically, we have found it is best to limit the Policy Decision Points (PDP) to as few as possible, as each PDP may interpret the policy slightly differently, or you may have to duplicate the policy within another system.
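The arrangement described above, sketched as an added example (not code from this wiki or from any product): two password-change points act as PEPs and share one PDP, which reads the single policy from a PIP. The class names, the policy values, the two change-point names and the fail-closed behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PasswordPolicy:            # constructed sample policy, not from the page
    min_length: int = 12
    max_length: int = 64
    require_digit: bool = True

class PolicyInformationPoint:
    """Holds the one digital representation of the organization's policy."""
    def __init__(self, policy):
        self._policy = policy
    def get_policy(self):
        return self._policy

class PolicyDecisionPoint:
    """Evaluates a request against the policy supplied by the PIP."""
    def __init__(self, pip):
        self._pip = pip
    def decide(self, candidate):
        p = self._pip.get_policy()
        if not p.min_length <= len(candidate) <= p.max_length:
            return "Deny"
        if p.require_digit and not any(c.isdigit() for c in candidate):
            return "Deny"
        return "Permit"

class PolicyEnforcementPoint:
    """One per place where a password can be changed; holds no policy itself."""
    def __init__(self, name, pdp):
        self.name, self._pdp, self.applied = name, pdp, []
    def change_password(self, user, candidate):
        try:
            decision = self._pdp.decide(candidate)
        except Exception:
            decision = "Deny"    # assumption: fail closed if the PDP cannot answer
        if decision != "Permit":
            return False
        self.applied.append(user)  # stand-in for the real directory update
        return True

def demo():
    pdp = PolicyDecisionPoint(PolicyInformationPoint(PasswordPolicy()))
    # Two hypothetical change points share the same PDP.
    peps = [PolicyEnforcementPoint(n, pdp) for n in ("self-service portal", "help desk console")]
    return {pep.name: (pep.change_password("alice", "short1"),
                       pep.change_password("alice", "correct-horse-battery-7"))
            for pep in peps}

if __name__ == "__main__":
    print(demo())
```

Because neither PEP carries its own copy of the rules, a policy change made at the PIP takes effect at every change point at once.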
More Information
There might be more information for this subject on one of the following:
- Access Control
- Access Control Models
- Access Proxy
- Attribute Based Access Control
- Authorization Server
- Cloud Access Security Broker
- Common Open Policy Service
- Digital Key
- Entitlement Example
- Glossary Of LDAP And Directory Terminology
- IDM The Application Developers Dilemma
- Identity Aware Proxy
- Password Management Considerations
- Password Maximum Length
- Password Minimum Length
- Password Validator
- Policy Based Management System
- Policy Decision Point
- Policy Enforcement Point
- Policy Information Point
- REST Profile of XACML
- Resource Inventory Service
- Resource Server
- User-Managed Access
Draft stuff
The "Policy Enforcement Point" is the logical entity or place on a server that enforces policies for admission control and policy decisions in response to a request from a user wanting to access a resource on a computer or network server.
The PEP is a component of policy-based management. When a user tries to access a file or other resource on a computer network or server that uses policy-based access management, the PEP will describe the user's attributes to other entities on the system. The PEP will give the Policy Decision Point (PDP) the job of deciding whether or not to authorize the user based on the description of the entity's attributes. Applicable policies are stored on the system and are analyzed by the PDP. The PDP makes its decision and returns the decision. The PEP will let the entity know whether or not it has been authorized to access the requested resource.