Description of the illustration espsj_jd

This image illustrates the Policy Decision Point / Policy Enforcement Point architecture based on Oracle Entitlements Server components. The flow when the Security Module acts in tandem as a Policy Decision Point and a Policy Enforcement Point is as follows:

A request for a resource is received by the PEP protecting it.
The PEP makes an authorization call to the security module PDP.
The PDP evaluates the request and returns a response to the PEP.
If access is permitted the PEP grants the requestor access to the resource; otherwise, access is denied.