...

The PAP provides interfaces and management of policy definitions.  It utilizes the XACML database to store policy definitions, which are then distributed to the PDPs.

The XACML and Drools databases <<TODO: Link to database top page>> are hosted in a MariaDB cluster.  The XACML database is used to persist policy definitions and provide a point for PDPs to retrieve policy definitions.  The XACML database also has tables used for node state management <<TODO: Link to state management top page>>, detection of node failure and failover <<TODO: Link to system integrity top page>>.  As indicated above, the state management tables will only include entries for the PAP and PDP-X because testing is not yet complete for the PDP-D.

The PDP-X receives deployed policies and has interfaces to handle XACML policy transactions <<TODO: Link to XACML transaction interface top page>>.  These transactions are stateless and, once complete, they are removed from memory.  If a policy that is deployed to the PDP-X is of an operational nature, it will contain Drools rules and Java executables.  These artifacts are processed into Maven artifacts and pushed to the Maven repository <<Link to the Maven Repository top page>>.  The PDP-D is then notified that a new policy has been deployed.

When the PDP-D is notified that a new policy has been deployed, it downloads it from the Maven repository and assigns it to an internal controller.  This controller provides the external Closed Loop <<TODO: Link to Closed Loop transactions top page>> interfaces to the UEB/DMaaP message bus over which events and messages are exchanged with external systems.  As events or messages arrive at the PDP-D, they are assigned to the appropriate controller and a Drools session is either created or retrieved from memory.  The events, messages or facts are passed to the Drools session and the rule engine is fired, resulting in a change of internal session state and possibly actions taken in response to the rule processing.  Response messages and requests are passed by the controller back over the UEB/DMaaP message bus to the appropriate system.  The Drools session can also have timers and autonomous events.  In a future release, the PDP-D will enable node state management and session persistence in the Drools DB.

...