The Policy Information Point (PIP)
The PIP is typically composed of many AttributeValueProviders, and provides a single point of contact for the PDP to request attribute values.
Attribute Value Providers
Enforcer ships with a number of AttributeValueProviders that you can use or extend for your policies.
EnvironmentAttributeValueProvider
This attribute value provider provides time based information for both local time and UTC.
ClaimsAttributeValueProvider
The claims attribute value provider is for use in AspNet Core and will take the claims information from the authenticated user's ClaimsPrincipal and present those as attributes for evaluation.
ActionExecutingContextAttributeValueProvider
This attribute value provider is for use in AspNet Core. It is used by the EnforcerAuthorizationAttribute to pull selected information from the model binding and action method parameters, providing these as attributes for the evaluation process.
DynamicAttributeValueProvider
This attribute value provider allows you to add values at runtime to either directly pass into policy evaluation or, if running in AspNet Core then there is an IDynamicAttributeValueProvider that can be resolved by Dependency Injection (DI) so that your custom middleware, and other components, can add attribute values.
Record Attribute Value Providers
These two providers allow you to define an 'attribute record' class by applying custom attributes to properties. An instance of this 'record' will then be used to provide attribute values to the PDP. There is a base class RecordAttributeValueProvider that you can derive from, defining how you get the record in a method override. This allows you to place this provider in a DI container. There is, also, a DelegatingRecordAttrubuteValueProvider that you pass a delegate to get the record instance to be used to provide attribute values.
Guidance on creating your own AttributeValueProvider can be found here
AttributeValueProvider
This is a low level base class for creating custom attribute value providers. This can be used if the record based ones do not fit your scenario.