How Does a Policy Decision Point Load a New Policy?

Policy Decision Points (PDP) are managed through Authorization Domains in the Axiomatics Services Manager (ASM). When a new policy is applied to a Domain, the PDPs in that Domain will get notified and call the ASM API to retrieve the new Domain Configuration (including the policy).

When the PDPs receive the new configuration, it’s loaded into memory and validated. Example of validations made by the PDP:

  • Check that all functions, data types, and combining algorithms used in the policies are supported by the PDP.
  • Verify that policies are well-formed.
  • Determine that Policy Information Points required by the configuration are known to the PDP.

Zero Downtime

Although It might take the PDP several ms to load the new configuration into memory and it will use CPU cycles, the existing configuration will still be in place and will still be used by the PDP to service requests that are received during the time of loading the new configuration. Given this there is no downtime for the PDP to apply a new configuration. The processing of an incoming request and the action of loading the new configuration use the same CPU and with that might potentially “steal” some CPU cycles that could be used for processing the request faster. However this has a very negligible impact on the overall performance of the system.

Related Articles

Meeting today’s dynamic authorization and access challenges: The Axiomatics story | Dynamically Speaking
Dynamically Speaking
For more than 15 years, Axiomatics has worked with companies worldwide to define and deliver solutions to the most complex authorization and access challenge. In...
Getting started with Zero Trust using dynamic authorization | Dynamically Speaking
Dynamically Speaking
Zero Trust. It’s everywhere. It’s a methodology that’s been around for years, and we are now seeing a significant uptick in the number of enterprises...
The case for dynamic authorization in banking and finance
Attribute Based Access Control (ABAC)
More than other organizations, banks, and financial institutions face the highest levels of scrutiny when it comes to how they protect critical assets and sensitive...