PDP (Policy Decision Point)
A PDP is a network node in an application that exposes an endpoint for policy decisions: services ask the PDP whether a specific action or request is allowed under the current policy. The PDP essentially becomes your microservice for authorization, and can be deployed as a sidecar, a cluster, or even a single instance (for light workload scenarios). PDPs need to be highly available, performant, and physically close to the querying services to avoid latency.
Deploying the PDP
The most straightforward way to integrate PDPs into a microservices architecture is as sidecars: each microservice has a sidecar container next to it that it can query for policy decisions. Other topologies include a centralized PDP and a gateway to PDP (i.e. filtering requests at API gateways or proxies).
Permit.io supports all PDP layouts and provides the missing layers on top of open-source PDP solutions (such as Open Policy Agent). These layers include policy delivery and updating, supporting data collection, application-level SDKs, application-level instrumentation, and more. Read about the various layouts you can deploy the PDP with here.
The Permit.io PDP (which by default bundles together OPA, OPAL, and an API server) is publicly available from Docker Hub.
Hosted/Managed cloud PDP option
While we recommend a local PDP for production deployments, a hosted Cloud PDP option is available at
Hosted PDP in your region
If you require a hosted version in a specific region (e.g. to minimize network latency as much as possible), or with other specific specs, reach out to us at email@example.com or in the Slack community.
Powered by OPA+OPAL
Permit.io's PDP orchestration is powered by OPAL, an open source project developed by the team at Permit.io and supported by a large community of developers and users. Check out this talk with the primary authors of OPAL to learn more about the unique realtime architecture:
OPAL's built-in separation of the data plane from the control plane enables Permit.io users to enjoy the benefits of a fully distributed PDP solution without depending on the availability of the Permit.io cloud or sharing any data with it.