A Policy Based Management System (PBMS) is a Framework in which an Access Request received by a Policy Enforcement Point (PEP) is presented to a Policy Decision Point (PDP) which retrieves the Authorization Policy data from a Policy Retrieval Point along with data on the Entity requesting access and data on the Target Resource from Policy Information Point(s) and renders a decision to the PDP.

Generally, any of the AAA Servers (or Access Control Engines (ACEs)) transactions may retrieve a Policy or evaluate an Access Control Policy (ACP), and any of the Service Equipment may enforce a policy. Policy Retrieval Point (PRP) (i.e., Policy Repositories) may reside on any of the ACEs) or be located elsewhere in the network.

Data against which ACP conditions are evaluated (such as resource status, session state, or time of day) are accessible at Policy Information Points (PIPs) and might be accessed using Policy Information Blocks (PIBs).

A Policy Based Management System consists of four main functional Non_normative elements: (following RFC2904 - AAA Authorization Framework, except for Policy Administration Point (PAP))