====== Policy Based Management System (PBMS) ======

A **Policy Based Management System (PBMS)** is a Framework in which an Access Request received by a [[dido:public:ra:xapend:xapend.a_glossary:p:pep]] is presented to a [[[[dido:public:ra:xapend:xapend.a_glossary:p:pdp]] which retrieves the Authorization Policy data from a Policy Retrieval Point along with data on the Entity requesting access and data on the Target Resource from [[dido:public:ra:xapend:xapend.a_glossary:p:pip | Policy Information Point(s)]] and renders a decision to the PDP.

Generally, any of the AAA Servers (or [[dido:public:ra:xapend:xapend.a_glossary:a:aec| Access Control Engines (ACEs)]]) transactions may retrieve a [[dido:public:ra:xapend:xapend.a_glossary:p:policy]] or evaluate an [[dido:public:ra:xapend:xapend.a_glossary:a:acp]], and any of the Service Equipment may enforce a policy. [[dido:public:ra:xapend:xapend.a_glossary:p:prp ]] (i.e., [[dido:public:ra:xapend:xapend.a_glossary:d:datastore#definition_2_security | Policy Repositories]]) may reside on any of the ACEs) or be located elsewhere in the network.

Data against which ACP conditions are evaluated (such as resource status, session state, or time of day) are accessible at [[dido:public:ra:xapend:xapend.a_glossary:p:pip | Policy Information Points (PIPs)]] and might be accessed using [[dido:public:ra:xapend:xapend.a_glossary:p:pib | Policy Information Blocks (PIBs)]].

A **Policy Based Management System** consists of four main functional Non_normative elements: (following [[dido:public:ra:xapend:xapend.b_stds:tech:ietf:2904]], except for [[dido:public:ra:xapend:xapend.a_glossary:p:pap]])


/**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
/* To add a discussion page to this page, comment out the line that says 
  ~~DISCUSSION:off~~
*/
~~DISCUSSION:on|Outstanding Issues~~
~~DISCUSSION:off~~