Policy Decision Points

A Policy Decision Point (PDP) loads XACML policies into memory and evaluates XACML requests against these policies. The response to a request is typically either Permit or Deny.

The world's largest XACML deployments are powered by Policy Decision Points from Axiomatics.

Axiomatics Policy Server PDP

APS implements XACML 2.0 and 3.0. If policy evaluation reaches a decision as expected, the PDP responds with Permit or Deny. If no matching policy is found or an error occurs, the response is NotApplicable or Indeterminate, respectively. Thus, the PDP essentially answers "yes/no" questions.

This can be a limitation. With millions of entries in a table, there will be many Deny answers before you find the few entries you may be allowed to see. The Axiomatics Reverse Query (ARQ) offers a solution. It extends the XACML PDP with an extra decision engine that allows clients to ask open questions: "Which of the records am I allowed to see?"

Axiomatics Reverse Query PDP 

The ARQ response is a logical expression that can serve as a filter to alter the data flow between client and server, in either the incoming or the outgoing stream. The process is efficient: an ARQ response comes almost as fast as a simple Permit or Deny from the standard PDP. To achieve this, ARQ uses an embedded standard PDP.

The XACML v3.0 Multiple Decision Profile, which replaces the older Multiple resource profile of XACML v2.0, also handles multiple resources. Nonetheless, large data sets remain a challenge, especially if you need to filter data in multiple dimensions. Axiomatics ARQ technology therefore comes with PEP capabilities of different kinds: ARQ-enabled PEP components for SQL resources can alter incoming SQL statements based on XACML policy mandates, ARQ PEP components for document management systems filter large amounts of documents, and so on. The ARQ PDP extension therefore adds value in many different environments.

Axiomatics Policy Decision Points (PDP), with or without ARQ enhancements, are highly optimized for performance. They can run in a wide variety of environments:
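The difference between the yes/no question and the open question can be shown with a toy model, added here as an illustration; it is not Axiomatics code, not XACML syntax and not the ARQ algorithm. The policy format, attribute names, table and rows are constructed assumptions: the subject's attributes are substituted into the policy, and what remains is a parameterised SQL filter over the resource columns.

```python
import sqlite3
# Constructed toy policy: a rule permits when all of its (category, attribute,
# value) conditions hold; ("subject", name) refers to a caller attribute.
POLICY = [
    [("subject", "role", "doctor"), ("resource", "department", ("subject", "department"))],
    [("subject", "role", "auditor"), ("resource", "classification", "public")],
    [("resource", "owner", ("subject", "id"))],
]
COLUMNS = ("id", "department", "classification", "owner")
ROWS = [(1, "cardiology", "secret", "alice"), (2, "oncology", "public", "bob"),
        (3, "oncology", "secret", "carol"), (4, "cardiology", "public", None)]  # constructed

def _resolve(value, subject):
    return subject.get(value[1]) if isinstance(value, tuple) else value

def evaluate(subject, resource):
    """Yes/no question: may this subject see this one record?"""
    for rule in POLICY:
        if all((v := _resolve(val, subject)) is not None
               and (subject if cat == "subject" else resource).get(attr) == v
               for cat, attr, val in rule):
            return "Permit"
    return "Deny"

def reverse_query(subject):
    """Open question: a WHERE clause and parameters selecting the permitted rows."""
    clauses, params = [], []
    for rule in POLICY:
        terms, rule_params = [], []
        for cat, attr, val in rule:
            v = _resolve(val, subject)
            if v is None or (cat == "subject" and subject.get(attr) != v):
                break                        # rule can never apply to this subject
            if cat == "resource":
                terms.append(f"{attr} = ?")  # column name from the policy, value bound
                rule_params.append(v)
        else:                                # every subject condition held
            clauses.append("(" + " AND ".join(terms) + ")" if terms else "1=1")
            params += rule_params
    return " OR ".join(clauses) or "1=0", params   # no applicable rule: deny all

def filtered_ids(subject):
    """Apply the reverse-query filter inside an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE records ({', '.join(COLUMNS)})")
    db.executemany("INSERT INTO records VALUES (?, ?, ?, ?)", ROWS)
    where, params = reverse_query(subject)
    return [r[0] for r in db.execute(f"SELECT id FROM records WHERE {where} ORDER BY id", params)]
```

The filter is built once per subject and the database does the selection, whereas the per-record approach calls `evaluate` once for every row. A subject to whom no rule applies gets the always-false filter `1=0` rather than an empty WHERE clause.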

  • as a standalone Java program
  • as a service on a J2EE application server
  • as a standalone .NET library
  • as an ASP.NET application
  • embedded in-process with the calling PEP either in .NET or Java environments
