The components named in the model are:
Policy Administration Point (PAP): This is the point at which access authorization policies are managed.
Policy Enforcement Point (PEP): The PEP intercepts a user's access request to a resource, sends a decision request to the PDP to obtain the access decision (i.e., whether access to the resource is approved or rejected), and acts on the received decision.
Policy Decision Point (PDP): The PDP compares the permissions requested in the XACML request against the allowed permissions mapped to the role found in the request; that mapping is fetched from the PIP and PRP. Based on the result, the PDP either allows or denies the request.
Policy Information Point (PIP): A centralized attribute store that holds the attribute values (i.e., subject, resource, or environmental attributes) referenced in the policy.
Policy Retrieval Point (PRP): A centralized store of XACML access authorization policies, typically a database or filesystem.
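
The flow between these components, as an added Python example that is not code from the original page or from any XACML product: the request carries the role, the PDP resolves the resource attribute from the PIP and the role's permissions from the PRP, and the PEP enforces the result. Assumptions: the role names, resources, the "classification" attribute and all function names are constructed for illustration, and plain dictionaries stand in for XACML's XML policies and requests.

```python
from dataclasses import dataclass

# Constructed sample data: every name and value here is illustrative.
PRP_STORE = {}   # PRP: policy storage, role -> set of (classification, action)
PIP_STORE = {    # PIP: attribute values referenced by the policies
    "payroll-report": {"classification": "confidential"},
    "lunch-menu": {"classification": "public"},
}

@dataclass(frozen=True)
class DecisionRequest:
    role: str
    resource: str
    action: str

def pap_publish(role, permissions):
    """PAP: administer a policy by writing it to the PRP."""
    PRP_STORE[role] = set(permissions)

def pdp_decide(req):
    """PDP: compare the requested permission with what the role is allowed."""
    allowed = PRP_STORE.get(req.role)        # policy fetched from the PRP
    attrs = PIP_STORE.get(req.resource)      # attributes fetched from the PIP
    if allowed is None or attrs is None:
        return "Deny"                        # unknown role or resource: deny by default
    wanted = (attrs["classification"], req.action)
    return "Permit" if wanted in allowed else "Deny"

def pep_access(role, resource, action):
    """PEP: intercept the access, ask the PDP, and act on the decision."""
    decision = pdp_decide(DecisionRequest(role, resource, action))
    if decision != "Permit":
        raise PermissionError(f"{role} may not {action} {resource}")
    return f"{role}: {action} {resource} permitted"

# Policies are managed through the PAP, never written by the PEP or PDP.
pap_publish("auditor", {("confidential", "read"), ("public", "read")})
pap_publish("intern", {("public", "read")})

if __name__ == "__main__":
    print(pep_access("auditor", "payroll-report", "read"))
    for args in [("intern", "payroll-report", "read"),
                 ("auditor", "payroll-report", "write")]:
        try:
            pep_access(*args)
        except PermissionError as exc:
            print("denied:", exc)
```

The PEP treats anything other than an explicit "Permit" as a rejection, so a missing policy or a missing attribute fails closed.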