18.4. Policy Decision Point

In most NAC architectures, the Policy Decision Point (PDP) corresponds to the solution's main policy server. The PDP applies three basic steps:

  1. Collect a full range of information about a user or machine's session — authentication and authorization information, endpoint integrity, location, time of day, and more.

  2. Use this information to decide which resources (applications, data, and network segments) the user or machine is allowed to access during that session.

  3. Push this decision to the Policy Enforcement Point (PEP) in the form of a policy that the PEP implements until either

    • The session expires.

    • The PDP revises and refreshes the policy decision.

The PDP is the device or service that provides authorization to the Policy Enforcement Point(s) for every user and machine that attempts to access network resources.
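The three steps above, worked through as an added example (not code from the book or from any NAC product): a toy PDP that collects a session context, derives a least-privilege set of network segments from it, and pushes a time-limited decision to a PEP, which enforces it until the session expires or the PDP pushes a revised version. All user names, roles, segment names, timestamps and the version-guard design are constructed assumptions for illustration.

```python
"""Added example: toy Policy Decision Point (PDP) and Policy Enforcement Point (PEP).
All names, roles, segments and sample session data are constructed, not from any product."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Set


@dataclass
class SessionContext:
    """Step 1: the information the PDP collects about a session (constructed fields)."""
    user: str
    authenticated: bool            # result of 802.1X / portal authentication
    roles: Set[str]                # authorization attributes from the directory
    endpoint_compliant: bool       # endpoint integrity (posture) check result
    location: str                  # e.g. "corp-lan", "vpn", "guest-wifi"
    now: datetime                  # time of day, used for time-bound access


@dataclass
class PolicyDecision:
    """The policy pushed to the PEP: what the session may reach, and until when."""
    session_id: str
    allowed_segments: List[str]
    expires_at: datetime
    version: int                   # incremented each time the PDP revises a decision


class PolicyDecisionPoint:
    def __init__(self, session_ttl: timedelta = timedelta(hours=8)) -> None:
        self.session_ttl = session_ttl
        self.versions: Dict[str, int] = {}

    def decide(self, session_id: str, ctx: SessionContext) -> PolicyDecision:
        """Step 2: map the collected context to the set of reachable segments.
        Least privilege: start from nothing and add only what the context justifies."""
        segments: List[str] = []
        if not ctx.authenticated:
            segments.append("captive-portal")          # may only authenticate
        elif not ctx.endpoint_compliant:
            segments.append("remediation")             # patch / AV update network only
        else:
            segments.append("internet")
            if "employee" in ctx.roles:
                segments.append("corp-apps")
            # Sensitive data requires role AND on-site location AND business hours.
            if ("finance" in ctx.roles and ctx.location == "corp-lan"
                    and 8 <= ctx.now.hour < 18):
                segments.append("finance-data")
        version = self.versions.get(session_id, 0) + 1
        self.versions[session_id] = version
        return PolicyDecision(session_id, segments, ctx.now + self.session_ttl, version)


class PolicyEnforcementPoint:
    """Step 3: stores the pushed policy and enforces it until it expires or is revised."""
    def __init__(self) -> None:
        self.policies: Dict[str, PolicyDecision] = {}

    def apply(self, decision: PolicyDecision) -> None:
        current = self.policies.get(decision.session_id)
        # Ignore stale pushes so an out-of-order refresh cannot loosen access.
        if current is None or decision.version > current.version:
            self.policies[decision.session_id] = decision

    def permits(self, session_id: str, segment: str, now: datetime) -> bool:
        decision = self.policies.get(session_id)
        if decision is None or now >= decision.expires_at:
            return False                               # expired or unknown: deny by default
        return segment in decision.allowed_segments


def demo() -> Dict[str, bool]:
    """Walk one constructed session through decision, enforcement, refresh and expiry."""
    pdp, pep = PolicyDecisionPoint(), PolicyEnforcementPoint()
    t0 = datetime(2024, 1, 15, 10, 0, tzinfo=timezone.utc)   # constructed timestamp
    ctx = SessionContext("alice", True, {"employee", "finance"}, True, "corp-lan", t0)
    pep.apply(pdp.decide("sess-1", ctx))
    results = {"finance_initially": pep.permits("sess-1", "finance-data", t0)}
    # Posture changes mid-session: the PDP revises and refreshes the policy.
    ctx.endpoint_compliant = False
    ctx.now = t0 + timedelta(hours=1)
    pep.apply(pdp.decide("sess-1", ctx))
    results["finance_after_refresh"] = pep.permits("sess-1", "finance-data", ctx.now)
    results["remediation_after_refresh"] = pep.permits("sess-1", "remediation", ctx.now)
    # Once the TTL passes with no refresh, the PEP denies everything.
    later = ctx.now + timedelta(hours=9)
    results["remediation_after_expiry"] = pep.permits("sess-1", "remediation", later)
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {allowed}")
```

The version guard in `PolicyEnforcementPoint.apply` is the part worth copying: when the PDP refreshes a decision, the PEP must only ever move to a newer version, otherwise a delayed or replayed push could silently restore a more permissive policy after the PDP has tightened it.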
