Policy Decision Point (PDP)

A component in security framework that evaluates access requests against predefined security or privacy policies and returns an authorization decision.

PDP ensures all activities within a system are compliant with established policies (even with very complex ones) and provides a centralized point for decision-making.

In the access control context, PDP cannot effectively function without PEP (Policy Enforcement Point) in a framework since their roles are complementary. PDP receives an access request from PEP; performs an evaluation against the predefined policies; makes a decision (usually permix X deny); sends the decision back to PEP which then enforces the decision.

Simply put, PDP is the ‘brains' and PEP is the 'muscle’ in the access control operation within a system.

 

Support: perun@cesnet.cz