This image illustrates a high-level architecture of Oracle Entitlements Server.
The Administration Server provides:
The user interface for system and delegated administrators
The policy administration point for the Management API. The Administration Server is accessible programmatically using the Management API.
The Administration Server is connected to:
The Policy Store which is a persistent storage of policies managed by OES
The identity store which is a separately administered user store that stores identity information
The Authorization Engine has direct access to:
The identity store which is a separately administered user store that stores identity information
The Policy Information Points which are systems that can provide external attributes used in OES
The Authorization Engine serves a Centralized Policy Decision Point or an Embedded Policy Decision Point. The Policy Decision Point is the Security Module.
The Authorization Engine Policy Decision Point is accessed by an Application using Runtime APIs (Policy Enforcement Point APIs).