PEP Service
The PEP Service provides a WSDL interface for the PEP implementation. It basically is a PEP SOAP service to be used as dedicated PEP.
The Policy Enforcement Service is a Policy enforcement point (PEP) that is able to protect an arbitrary web service. It receives a service request to a protected service and requests an authorisation decision from a policy decision point (PDP), usually an instance of the Policy Management and Authorisation Service. Depending on the authorisation decision (currently permit or deny) it forwards the original request to protected service or returns an error document (e.g. access denied).
The advantage of this approach is the ability to provide non-intrusive web service security where the service to be protected may remain untouched .The main disadvantage of this approach is that the PEP implements a different interface than the protected service and therefore needs extra security-enabled client components. As a consequence the protected service itself is no longer „visible“ and directly accessible within the network.