By: Christine Martz
Meaning of PEP - "Policy Enforcement Point": the logical entity
or place on a server that enforces policies for admission control
and policy decisions in response to a request from a user wanting
to access a resource on a computer or network server.
The PEP is a component of policy-based management.
When a user tries to access a file or other resource on a computer
network or server that uses policy-based access management, the PEP will
describe the user's attributes to other entities on the system. The PEP
will give the Policy Decision Point (PDP) the job of deciding whether
or not to authorize the user based on the description of the user's attributes.
Applicable policies are stored on the system and are analyzed by
the PDP. The PDP makes its decision and returns it.
The PEP will let the user know whether or not he has been authorized to
access the requested resource.
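The request flow described above, as an added example that is not part of the original article: a PEP passes the user's attributes to a PDP, the PDP evaluates stored policies, and the PEP enforces the answer. The class names, the sample policies, and the deny-by-default and fail-closed behaviour are assumptions of this sketch.

```python
from dataclasses import dataclass

PERMIT, DENY = "Permit", "Deny"

@dataclass(frozen=True)
class Policy:
    resource: str
    action: str
    required: dict  # subject attributes that must all match

# Constructed sample policies standing in for the stored policy set.
POLICIES = [
    Policy("/finance/report", "read", {"department": "finance"}),
    Policy("/finance/report", "write", {"department": "finance", "role": "manager"}),
]

class PolicyDecisionPoint:
    """Analyzes the applicable policies and returns a decision."""
    def __init__(self, policies):
        self.policies = policies

    def decide(self, request):
        subject = request["subject"]
        for p in self.policies:
            applicable = (p.resource, p.action) == (request["resource"], request["action"])
            if applicable and all(subject.get(k) == v for k, v in p.required.items()):
                return PERMIT
        return DENY  # assumption: no applicable policy means deny

class PolicyEnforcementPoint:
    """Sits in front of the resource; never evaluates policy itself."""
    def __init__(self, pdp):
        self.pdp = pdp

    def access(self, user_attrs, resource, action):
        # Describe the user's attributes to the PDP as a decision request.
        request = {"subject": dict(user_attrs), "resource": resource, "action": action}
        try:
            decision = self.pdp.decide(request)
        except Exception:
            decision = DENY  # assumption: fail closed if the PDP is unreachable
        # Enforce: only an explicit Permit opens the resource.
        if decision == PERMIT:
            return True, f"{action} on {resource} authorized"
        return False, f"{action} on {resource} not authorized"

pep = PolicyEnforcementPoint(PolicyDecisionPoint(POLICIES))
```

Keeping the decision logic out of the PEP means policies can change without touching the enforcement code, and a PDP outage results in denied requests rather than unchecked access.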
“…The PEP is responsible for enforcing policies with respect to
authentication of subscribers, authorization to access and services,
accounting and mobility, etc.” [ffii.org]
“…To enforce these policies, a network component,
generically called a "Policy Enforcement Point" (PEP), is used to
ensure that the policy is conformed to before the client machine
is allowed access to the network.” [LAN Access Security Interoperability Lab]
“…The PDPs process these policies, along with other
data such as network state information, and take policy decisions
regarding what policies should be enforced and how this will happen.
These policies are sent as configuration data to the appropriate
Policy Enforcement Points, which reside on the managed devices
and are responsible for installing and enforcing them.” [Raouf Boutaba - Dept. of Computer Science - University of Waterloo]
“…In a policy enforced network, a policy enforcement
point represents a security appliance used to protect one or more endpoints.
PEPs are also points for monitoring the health and status of a network.
PEPs are generally members of a policy group.” [Sec-1.com]