The PingDataGovernance Server policy decision point (PDP) API provides an endpoint to support non-API use cases.
The PDP API feature requires PingDataGovernance Premier. For more information, contact your Ping Identity account representative.
The PingDataGovernance Server's main functionality is to enforce fine-grained policies for data accessed through APIs. However, organizations might need to use the core Policy Decision Service for non-API use cases. For example, an application server might use it to request policy decisions when generating dynamic web content. In this configuration, PingDataGovernance Server becomes the PDP, and the application server becomes the policy enforcement point (PEP).
Enforcement points request policy decisions based on a subset of the XACML-JSON standard. For more information, see XACML 3.0 JSON Profile 1.1.
The PDP API can indicate when a request or response triggers advice, but the application server must implement the advice.
- Configure the PingDataGovernance Server with a feature-enabled license during setup.
- Configure an Access Token Validator. For more information, see Access Token Validators.
- Configure the Policy Decision Point Service. For more information, see Use policies in a production environment.
The PDP API supports the MultiRequests JSON object, which allows a client to make multiple decision requests in a single HTTP request.
Because this object also supports single decision requests, it is the only supported XACML-JSON request format.