Great insight as to the importance of Policy Decision Points with regard to security processes.
Why on earth would you do that?
We all understand that runtime characteristics change as processes get moved around the network. Having problems with network I/O? Move the database daemon to the same tier as the client process. Problems with file I/O? Keep the data in memory instead of on disk. And so on.
The same techniques apply to system architecture and security. Where the policy enforcement, policy decision, and database processes are located has a huge effect on the overall health of your organization's computing systems: it determines how much latency every access check costs, how much traffic the policy store sees, and what the client is left with when the decision process cannot be reached.
With that in mind, what happens when security processes get moved around the network?
But first, we must define the security processes:
1. Policy Enforcement Point (PEP)
The gatekeeper component. It enforces the security policy on the client program: every request passes through it, and only what the policy permits goes forward. PEPs come in many shapes and sizes. Often it is a small block of code embedded directly in the client program.
2. Database (DB)
The database is used by PDPs to house…
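The split described above, as an added example that is not code from the original post: a policy store, a PDP that answers permit/deny questions from it, and a PEP embedded in the client that reaches the PDP through a callable, so the same PEP works whether the PDP is in-process or behind a network hop. The in-memory dict standing in for the store, the sample subjects and resources, the assumption that the store houses the subject/resource/action policy data, and the `flaky_transport` helper simulating a lost link are all constructed for this illustration.

```python
"""Minimal PEP / PDP / policy-store split (added example, not the post's own code).

The policy store is an in-memory dict standing in for the directory a real PDP
would query (assumption: it houses subject -> resource -> permitted actions).
The PEP talks to the PDP through a plain callable, so the PDP can sit in the
same process or behind an RPC without the PEP changing.
"""
import time
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed sample policy data: subject -> resource -> permitted actions.
POLICY_DB: Dict[str, Dict[str, Set[str]]] = {
    "alice": {"/payroll": {"read", "write"}, "/wiki": {"read"}},
    "bob": {"/wiki": {"read", "write"}},
}


class PolicyDecisionPoint:
    """Answers permit/deny questions by consulting the policy store."""

    def __init__(self, store: Dict[str, Dict[str, Set[str]]]) -> None:
        self._store = store
        self.queries = 0  # number of store lookups, to make the I/O cost visible

    def decide(self, subject: str, action: str, resource: str) -> bool:
        self.queries += 1
        # Default deny: an unknown subject, resource or action is never permitted.
        return action in self._store.get(subject, {}).get(resource, set())


class PolicyEnforcementPoint:
    """Gatekeeper embedded in the client program.

    Every request goes through check(). Decisions are cached for ttl seconds so
    a remote PDP is not hit on every call, and any failure to reach the PDP is
    treated as deny (fail closed) rather than letting the request through.
    """

    def __init__(self, ask_pdp: Callable[[str, str, str], bool], ttl: float = 5.0) -> None:
        self._ask_pdp = ask_pdp
        self._ttl = ttl
        self._cache: Dict[Tuple[str, str, str], Tuple[bool, float]] = {}

    def check(self, subject: str, action: str, resource: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        key = (subject, action, resource)
        hit = self._cache.get(key)
        if hit is not None and now - hit[1] < self._ttl:
            return hit[0]  # fresh cached decision, no round trip to the PDP
        try:
            allowed = bool(self._ask_pdp(subject, action, resource))
        except Exception:
            return False  # PDP unreachable: deny, and cache nothing
        self._cache[key] = (allowed, now)
        return allowed


def flaky_transport(pdp: PolicyDecisionPoint, failures: List[int]) -> Callable[[str, str, str], bool]:
    """Hypothetical network wrapper: raises once per entry left in `failures`, then forwards to the PDP."""

    def ask(subject: str, action: str, resource: str) -> bool:
        if failures:
            failures.pop()
            raise ConnectionError("PDP unreachable")
        return pdp.decide(subject, action, resource)

    return ask


def demo() -> Dict[str, object]:
    """Runs a client through an outage, a recovery, a cache hit, and a cache expiry."""
    pdp = PolicyDecisionPoint(POLICY_DB)
    outages = [1]  # one simulated outage, then the link recovers
    pep = PolicyEnforcementPoint(flaky_transport(pdp, outages), ttl=5.0)
    return {
        "during_outage": pep.check("alice", "read", "/payroll", now=0.0),  # False: fail closed
        "after_recovery": pep.check("alice", "read", "/payroll", now=1.0),  # True: PDP queried
        "cached": pep.check("alice", "read", "/payroll", now=2.0),  # True: served from cache
        "queries_so_far": pdp.queries,  # 1: the cache absorbed the third call
        "expired": pep.check("alice", "read", "/payroll", now=7.0),  # True: ttl elapsed, re-queried
        "queries_after_expiry": pdp.queries,  # 2
        "bob_payroll": pep.check("bob", "write", "/payroll", now=7.0),  # False: not in policy
        "unknown_subject": pep.check("mallory", "read", "/wiki", now=7.0),  # False: default deny
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The cache is where the "move the process" trade-off shows up: with the PDP remote, the `ttl` decides how many round trips the client saves and, equally, how long a revoked permission keeps working at that PEP. Moving the PDP in-process removes the round trip but puts a copy of the policy data on every client host, which is its own exposure.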
