Policy Decision Point :: Federated Identity Suite

Manage Authorization Decisions

Symlabs Policy Decision Point (PDP) is the component of Symlabs Federated Identity Suite that implements a system to evaluate and act on authorization requests based on pre-established policies plus information describing the requester. It is fully compatible with Liberty specifications and SAML 2.0, including support for XACML to define the rules that grant or deny access to resources and services, and it incorporates an internal rules engine that determines the policies to apply when a user requests access to a service.
 
When a user attempts to access a service, a Policy Enforcement Point (PEP) sends a message to Symlabs Policy Decision Point asking whether to approve the connection. The PDP then replies with permission or denial for access to that service, based on the rules that have been defined and the parameters that were passed in the request.
 

Symlabs Policy Decision Point is capable of integrating with any Liberty-compatible PEP, and with Identity Provider (IdP), Discovery Service (DS), and profile services like Personal Profile (PP) to coordinate a comprehensive policy decision and enforcement process. It includes a web-based, Single Sign-On (SSO) enabled graphical user interface that simplifies user administration.

 
Support For Key Industry Standards
 

Symlabs Policy Decision Point includes support for OASIS XACML 2.0 and SAML 2.0 Authorization Decision Query, plus the following Liberty ID-Web Services Framework (ID-WSF 1.1) specifications:

  • ID authorization service (ID-PDP)
  • ID service to update permissions and policies for profiled services
  • DST 2.1 to configure permissions and policies for data objects

A powerful capability of Symlabs Policy Decision Point is its simultaneous support for SAML 2.0, Liberty ID-FF 1.2, and WS-Federation 1.0 standards for Single Sign-On (SSO), plus Session and Federation Management.

[Figure: Federated Identity Suite diagram]

Features
  • High performance, extremely reliable, and scalable
  • Simultaneous support for 3 classes of standards
      • SAML (2.0)
      • Liberty Alliance (ID-WSF 1.1, ID-WSF 2.0 & ID-FF 1.2)
      • WS-Federation (1.0)
  • Tested and certified Liberty Interoperable™
  • Supports key OASIS specifications
      • XACML 2.0 for rules definition
      • SAML 2.0 Authorization Decision Query
  • Supports authorization queries and identity-based authorization queries
  • Integrates with Privacy Manager (PM) to give end users effective control over their data
  • Powerful built-in scripting enables customization

 

Benefits
  • Gives Service Providers a reliable policy decision system to manage access to their services
  • XACML support ensures interoperability with all Liberty-compliant entities
  • Define and manage policies quickly and easily using the web GUI
  • Single Sign-On (SSO) increases user convenience and offers tight security for the management interface
  • Reduce costs with a standards-based architecture
  • Back-end integration with LDAP directories and SQL databases is simple and straightforward

 

Platforms Supported
  • Microsoft Windows
  • Solaris Sparc 8 or higher
  • Solaris x86 9 or higher
  • Linux
  • AIX
  • HP/UX
  • Web

About Symlabs
 
Symlabs focuses on Identity Management. We offer "standards-based" software components such as the Symlabs Virtual Directory Server, Symlabs LDAP Proxy, and the Symlabs Federated Identity Suite. We also offer software support, training, and professional services.