Securent Entitlement Management Solution (EMS) is comprised of three distinct but seamlessly integrated components:

The PAP provides centralized administration, management and monitoring of entitlement policies, with delegation and integration with enterprise information repositories such as Active Directory and LDAP. The features of the PAP include:

• Browser-based, drag-and-drop user interface for creation of granular entitlement policies (based on user, resource, request context, action, and other environmental attributes)
• Sets per-application as well as enterprise-wide policies
• Administer entitlements including ability to group users and resources, clone and inherit entitlements, and delegate administration
• Manage, review and audit all entitlement policies for all applications through a single centralized interface

The PDP provides run-time resolution of role-based and rule-based authorization policies. The PDPs are typically distributed in a high availability configuration and can run on the same server as the application it is protecting.

• High performance resolution of role-based and rule-based policies and management of distributed decision caches
• Snap-on integration with user information repositories (LDAP, Active Directory) and existing identity management solutions
• Flexibility in deploying the decision points to be local or remote to the resources for which they resolve the entitlement policies
• Standards-based solution with native support for XACML, SOAP, and SAML

PEPs enforce policy decisions made by the PDPs. The PEPs plug into standard J2EE and .NET application servers and also integrate with packaged applications such as portal, email, messaging, content management, and web servers.

• XACML compliant enforcers plug into standard J2EE and .NET servers while also supporting packaged applications
• Optional local cache of entitlement policy decisions for higher performance and availability
• Extensive logging capabilities for audit