How Does a Policy Decision Point Load a New Policy?

Policy Decision Points (PDPs) are managed through Authorization Domains in the Axiomatics Services Manager (ASM). When a new policy is applied to a Domain, the PDPs in that Domain are notified and call the ASM API to retrieve the new Domain Configuration (including the policy).

When a PDP receives the new configuration, it loads it into memory and validates it. Examples of validations made by the PDP:

  • Check that all functions, data types, and combining algorithms used in the policies are supported by the PDP.
  • Verify that policies are well-formed.
  • Determine that Policy Information Points required by the configuration are known to the PDP.

Zero Downtime

Although it might take the PDP several ms to load the new configuration into memory, and doing so uses CPU cycles, the existing configuration stays in place and the PDP continues to use it to service requests received while the new configuration is loading. As a result, the PDP has no downtime when applying a new configuration. Request processing and configuration loading share the same CPU, so loading might potentially “steal” some CPU cycles that could otherwise be used to process the request faster. However, this has a negligible impact on the overall performance of the system.
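
The load, validate, then swap sequence described above, as an added example in Python; it is not Axiomatics code. The capability sets, configuration shape and names (`validate`, `Pdp`, `GOOD`, `BAD`) are hypothetical, and it assumes a candidate that fails validation is discarded while the current configuration keeps serving requests.

```python
import threading

# Hypothetical capability sets; a real PDP derives these from its build and deployment.
SUPPORTED_FUNCTIONS = {"string-equal", "integer-greater-than", "string-is-in"}
SUPPORTED_ALGORITHMS = {"deny-overrides", "permit-overrides", "first-applicable"}
KNOWN_PIPS = {"ldap-users", "hr-db"}

def validate(config):
    """Return a list of problems; an empty list means the candidate may be activated."""
    problems = []
    policies = config.get("policies")
    if not isinstance(policies, list) or not policies:
        return ["configuration has no policy list"]
    for p in policies:
        if not isinstance(p, dict) or not {"id", "algorithm", "functions"} <= p.keys():
            problems.append(f"policy is not well-formed: {p!r}")
            continue
        if p["algorithm"] not in SUPPORTED_ALGORITHMS:
            problems.append(f"{p['id']}: unsupported combining algorithm {p['algorithm']}")
        for fn in sorted(set(p["functions"]) - SUPPORTED_FUNCTIONS):
            problems.append(f"{p['id']}: unsupported function {fn}")
    for pip in sorted(set(config.get("pips", [])) - KNOWN_PIPS):
        problems.append(f"unknown Policy Information Point {pip}")
    return problems

class Pdp:
    def __init__(self, config):
        self._active = config
        self._reload_lock = threading.Lock()  # serialises reloads only, never requests

    def evaluate(self, request):
        config = self._active  # one reference read: a request sees a single whole config
        return config["version"], len(config["policies"])  # stand-in for real evaluation

    def reload(self, candidate):
        with self._reload_lock:
            problems = validate(candidate)  # runs while self._active keeps serving
            if not problems:
                self._active = candidate  # single reference swap activates it
            return problems

# Constructed sample configurations (not taken from any real deployment).
GOOD = {"version": 1, "pips": ["ldap-users"], "policies": [
    {"id": "p1", "algorithm": "deny-overrides", "functions": ["string-equal"]}]}
BAD = {"version": 2, "pips": ["crm"], "policies": [
    {"id": "p2", "algorithm": "ordered-magic", "functions": ["regex-match"]},
    {"id": "p3"}]}
```

Because `evaluate` never takes the reload lock, a slow validation delays only the next reload, not in-flight authorization requests.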
