Architecture

Permguard consists of several services, which can be deployed either on a single instance using the all-in-one distribution, or individually using separate distributions for each service."

Zone Administration Point (ZAP)#

The Zone Administration Point (ZAP) serves as the central repository for managing zone information and configurations. Furthermore, it provides an administration API.

Policy Administration Point (PAP)#

The Policy Administration Point (PAP) serves as the central repository for managing the zone policies. Furthermore, it provides an administration API.

Policy Information Point (PIP)#

The Policy Information Point (PIP) is the service responsible for providing additional information to the Policy Decision Point (PDP) to make informed decisions.

Policy Decision Point (PDP)#

The Policy Decision Point (PDP) is the service responsible for evaluating policies and making decisions based on them. It can be deployed as either a remote service or a proximity service.

The key difference lies in the fact that the remote service returns consistent decisions to the caller but may experience high latency or interruption and unavailability because of network partitioning. In contrast, proximity services are deployed in proximity to the caller, providing low latency as they operate on an eventual consistent basis. This ensures faster decision returns as they synchronize policies. It’s important to note that this service can be out of sync, especially in the event of network partitioning.