Authorization judgment process. (1) The user sends the original request to apply for access to the resource. (2) After receiving the original request, the policy enforcement point (PEP) constructs a request in xacml format and sends it to the policy deployment point(PDP). (3) PDP requests to obtain the policy file in the policy administration point (PAP) according to the xacml request; (4) After the PDP obtains the policy file, it sends a request to the policy information point (PIP) to obtain the required attribute values (theme attribute, environment attribute, and resource attribute) in the policy file. (5) The PDP makes the judgment result (permit, deny, uncertain, and not applicable) according to the policy file and returns it to the PEP. (6) If the result is permit, the PEP sends an access request to the resource. (7) After the PEP obtains the resource, it returns the resource to the user.