Figure 1P-26 - Principal Relationships of a PolicyEnforcementPoint

A PolicyEnforcementPoint is a type of PolicyApplication, and is used to verify that a prescribed set of PolicyActions have been successfully executed on a set of PolicyTargets. A high-level drawing of the PEP and its important relationships is shown in Figure below.<br/>A PolicyEnforcementPoint serves as an interface between the devices that policy is executed on and the policy decision-makers (such as the PolicyDecisionPoint) of the policy. PolicyEnforcementPoints request work to be performed from PolicyDecisionPoints, and then enforce decisions made by PolicyExecutionPoints on their PolicyTargets. One or more PolicyEnforcementPoints are contained in a PolicyServer.<br/>The combination of a PolicyExecutionPoint and a PolicyEnforcementPoint enable the act of executing a decision (made by a PolicyExecutionPoint) to be separated from the act of ensuring that the executing actions were performed correctly, and had the desired results (both of these latter two functions are performed by the PolicyEnforcementPoint).<br/>The EnforcesExecutionOf association defines the set of PolicyExecutionPoints that are enforced by a particular PolicyEnforcementPoint. This association was defined in the previous section, titled PolicyDecisionPoint (PDP).<br/>Note that the DirectsEnforcementOf, EnforcesExecutionOf, and PolicyActionEnforcedBy associations are all implemented by association classes. This is because each of these associations has rich semantics that require a class to be properly expressed. <br/>