Overview
The Policy Decision Point, or PDP, evaluates Access Requests against the digital representation of the Authorization Policies from the Policy Retrieval Point, along with data from the Policy Information Point, before issuing access decisions.
Obviously, in some systems all of the entities may reside within the same application on the same host.
Policy Decision Point (PDP): The point where policy decisions are made.
The system entity that evaluates applicable policy and renders an authorization decision. This term is defined in a joint effort by the IETF Policy Framework Working Group and the Distributed Management Task Force (DMTF)/Common Information Model (CIM) in RFC 3198. This term corresponds to "Access Decision Function" (ADF) in ISO10181-3.
The OASIS XACML standard defines the Policy Decision Point and its implementation using the XACML language.
The concept of the Policy Decision Point (also known as Access Control Decision Function) is a locus where policy rules have been resolved, evaluated, and combined to yield a binary value for interpretation by a Policy Enforcement Point.
Generic
The Policy Decision Point is a component of a Policy Based Management System. When an entity performs an Access Request for a resource on a network that uses a Policy Based Management System, the Policy Information Point will describe the entity's attributes to other entities on the system. The Policy Decision Point has the job of deciding whether or not to authorize the user based on the description of the entity's attributes. Applicable policies are stored on the system and are analyzed by the Policy Decision Point. The Policy Decision Point makes its decision and returns the decision. The Policy Enforcement Point will let the entity know whether or not it has been authorized to access the requested resource.
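The flow described above, as an added example that is not part of the original page: a Policy Decision Point that pulls attributes from a Policy Information Point and rules from a Policy Retrieval Point, then combines them into the binary value a Policy Enforcement Point acts on. All names, the sample attributes and policies, the deny-overrides combining and the default-deny behaviour are assumptions made for this sketch.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Attributes = Dict[str, str]

@dataclass(frozen=True)
class AccessRequest:
    subject: str
    action: str
    resource: str

@dataclass(frozen=True)
class Rule:
    effect: str  # "Permit" or "Deny"
    applies: Callable[[AccessRequest, Attributes], bool]

# Policy Information Point: constructed sample attributes per entity.
PIP_ATTRIBUTES: Dict[str, Attributes] = {
    "alice": {"role": "engineer", "status": "active"},
    "bob": {"role": "maintainer", "status": "suspended"},
    "carol": {"role": "maintainer", "status": "active"},
}

# Policy Retrieval Point: constructed sample policies per resource.
PRP_POLICIES: Dict[str, List[Rule]] = {
    "repo": [
        Rule("Deny", lambda req, a: a.get("status") != "active"),
        Rule("Permit", lambda req, a: req.action == "read" and "role" in a),
        Rule("Permit", lambda req, a: req.action == "write" and a.get("role") == "maintainer"),
    ],
}

def pdp_decide(request: AccessRequest) -> bool:
    """PDP: resolve, evaluate and combine rules into a binary decision."""
    attributes = PIP_ATTRIBUTES.get(request.subject, {})
    rules = PRP_POLICIES.get(request.resource, [])
    effects = set()
    for rule in rules:
        try:
            if rule.applies(request, attributes):
                effects.add(rule.effect)
        except Exception:
            return False  # fail closed if a rule cannot be evaluated
    # Deny-overrides; no applicable Permit rule also means deny.
    return "Deny" not in effects and "Permit" in effects

def pep_enforce(request: AccessRequest) -> str:
    """PEP: interprets the PDP's binary value; makes no policy decision itself."""
    return "authorized" if pdp_decide(request) else "denied"
```

An unknown entity or an unknown resource yields a denial here because no Permit rule can apply, which keeps the enforcement point from granting access on missing data.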