A Policy Decision Point (PDP) is the component that evaluates authorization policies and returns a decision about whether an action should be allowed. It matters because modern authorization often needs centralized logic instead of scattered one-off checks.
What is a Policy Decision Point (PDP)?
A PDP receives policy-relevant information such as user identity, resource attributes, requested action, and contextual signals, then evaluates the relevant policies and returns allow, deny, or another outcome. It is common in ABAC, zero trust, and policy-as-code systems.
What a Policy Decision Point (PDP) Commonly Supports
Common uses include API authorization, service-to-service policy checks, tenant-aware access control, dynamic entitlements, and context-based enforcement.
Policy Decision Point (PDP) vs. Embedded Inline Authorization Logic
Inline logic makes decisions directly inside the application code path. A PDP centralizes decision logic for reuse and consistency.
Frequently Asked Questions
Why is a PDP useful?
Because it improves consistency and makes complex authorization rules easier to manage centrally.
Does a PDP enforce policy by itself?
No. It makes the decision; another component typically applies that decision to the request.
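The split between deciding and enforcing, sketched as an added example that is not from the original page or from any particular product: a small ABAC-style PDP with a separate enforcement function. The names (Request, POLICIES, pdp_decide, pep_handle), the sample policies, and the deny-overrides, default-deny combining rule are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Request:
    subject: dict    # identity attributes, e.g. {"id", "tenant", "role"}
    action: str      # requested action
    resource: dict   # resource attributes, e.g. {"tenant", "type"}
    context: dict = field(default_factory=dict)  # contextual signals, e.g. {"mfa": True}

def same_tenant(r):
    t = r.subject.get("tenant")
    return t is not None and t == r.resource.get("tenant")

# Constructed sample policies: (effect, predicate over the request).
POLICIES = [
    ("deny",  lambda r: not same_tenant(r)),                       # tenant isolation
    ("deny",  lambda r: r.action == "delete" and not r.context.get("mfa", False)),
    ("allow", lambda r: r.action == "read" and r.subject.get("role") in {"viewer", "editor"}),
    ("allow", lambda r: r.action in {"write", "delete"} and r.subject.get("role") == "editor"),
]

def pdp_decide(request, policies=POLICIES):
    """PDP: evaluate every policy and return a decision. It never touches the resource."""
    decision = "deny"                      # default deny when nothing matches
    for effect, matches in policies:
        try:
            hit = matches(request)
        except Exception:
            return "deny"                  # fail closed on malformed attributes
        if hit and effect == "deny":
            return "deny"                  # any matching deny overrides allows
        if hit and effect == "allow":
            decision = "allow"
    return decision

def pep_handle(request, handler):
    """Enforcement side: ask the PDP, then apply its decision to the request."""
    if pdp_decide(request) != "allow":
        return 403, "forbidden"
    return 200, handler(request)
```

Because every caller goes through pdp_decide, a rule such as tenant isolation is written once rather than repeated in each code path, which is the contrast with inline authorization logic drawn above.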
Related Cybersecurity Terms
- Policy Enforcement Point (PEP)
- Policy as Code
- Attribute-Based Access Control (ABAC)
- API Authorization