Let’s walk through how a PEP works in the ABAC architecture. First, a user takes action on a resource by making a request to the gate which protects that resource, which is a Policy Enforcement Point (PEP). The PEP will then form a request based on the user’s attributes, the resource they wish to access, the action they are attempting to take on that resource, and other relevant information pertaining to the request. The PEP sends this request to the PDP, which evaluates the request and the policy that applies to the request and decides whether access should be granted. That answer is then sent back to the PEP, which can then allow or deny access to the requester.