diff --git a/pywb/core/indexreader.py b/pywb/core/indexreader.py
index 1f64ade0..e14f1d21 100644
--- a/pywb/core/indexreader.py
+++ b/pywb/core/indexreader.py
@@ -1,6 +1,7 @@
 import urllib
 import urllib2
 
+from pywb.perms.perms_filter import make_perms_cdx_filter
 
 #=================================================================
 class IndexReader(object):
@@ -38,7 +39,7 @@ class IndexReader(object):
 
     def load_cdx(self, wbrequest, params):
         if self.perms_policy:
-            perms_op = self.perms_policy.create_perms_filter_op(wbrequest)
+            perms_op = make_perms_cdx_filter(self.perms_policy, wbrequest)
             if perms_op:
                 params['custom_ops'] = [perms_op]
 
diff --git a/pywb/perms/perms_filter.py b/pywb/perms/perms_filter.py
index d029fc89..4d6c1200 100644
--- a/pywb/perms/perms_filter.py
+++ b/pywb/perms/perms_filter.py
@@ -2,7 +2,25 @@ from pywb.utils.wbexception import AccessException
 
 
 #=================================================================
-def create_filter_op(perms_checker):
+def make_perms_cdx_filter(perms_policy, wbrequest):
+    """
+    Called internally to convert a perms_policy and a request
+    to a filter which can be applied on the cdx
+    """
+    perms_checker = perms_policy(wbrequest)
+    if not perms_checker:
+        return None
+
+    return _create_cdx_perms_filter(perms_checker)
+
+#=================================================================
+def _create_cdx_perms_filter(perms_checker):
+    """
+    Return a function which will filter the cdx given
+    a Perms object.
+    :param perms_checker: a Perms object which implements the
+        allow_url_lookup() and access_check_capture() methods
+    """
 
     def perms_filter_op(cdx_iter, query):
         """
@@ -25,18 +43,24 @@ def create_filter_op(perms_checker):
 
 
 #================================================================
-class AllowAllPermsPolicy(object):
-    def create_perms_filter_op(self, wbrequest):
-        return create_filter_op(self.create_perms_checker(wbrequest))
+def allow_all_perms_policy(wbrequest):
+    """
+    Perms policy which always returns a default Perms object
+    which allows everything.
 
-    def create_perms_checker(self, wbrequest):
-        return AllowAllPerms()
+    The perms object is created per request and may store request
+    state, if necessary.
+
+    The same perms object may be called with multiple queries
+    (such as for each cdx line) per request.
+    """
+    return Perms()
 
 
 #=================================================================
-class AllowAllPerms(object):
+class Perms(object):
     """
-    Sample Perm Checker which allows all
+    A base perms checker which allows everything
     """
 
     def allow_url_lookup(self, key):
diff --git a/pywb/perms/perms_handler.py b/pywb/perms/perms_handler.py
index 9f3715e1..1a1b9507 100644
--- a/pywb/perms/perms_handler.py
+++ b/pywb/perms/perms_handler.py
@@ -19,7 +19,7 @@ class PermsHandler(WbUrlHandler):
         self.url_canon = url_canon
 
     def __call__(self, wbrequest):
-        perms_checker = self.perms_policy.create_perms_checker(wbrequest)
+        perms_checker = self.perms_policy(wbrequest)
 
         if wbrequest.wb_url:
             return self.check_single_url(wbrequest, perms_checker)
diff --git a/pywb/perms/test/test_perms.py b/pywb/perms/test/test_perms.py
index 0cf1f6f1..3e86835e 100644
--- a/pywb/perms/test/test_perms.py
+++ b/pywb/perms/test/test_perms.py
@@ -8,7 +8,7 @@ from pywb.core.indexreader import IndexReader
 
 from pytest import raises
 
-from tests.fixture import TestExclusionPermsPolicy, testconfig
+from tests.fixture import testconfig
 
 
 #================================================================
diff --git a/test_config.yaml b/test_config.yaml
index a0df3a6f..8517834f 100644
--- a/test_config.yaml
+++ b/test_config.yaml
@@ -101,4 +101,4 @@ reporter: !!python/object/new:tests.fixture.PrintReporter []
 #domain_specific_rules: rules.yaml
 
 #perms_checker: !!python/object/new:pywb.cdx.perms.AllowAllPerms []
-perms_policy:  !!python/object/new:tests.fixture.TestExclusionPermsPolicy []
+perms_policy: !!python/name:tests.fixture.test_exclusion_perms_policy
diff --git a/tests/fixture.py b/tests/fixture.py
index a5b57c19..a032d081 100644
--- a/tests/fixture.py
+++ b/tests/fixture.py
@@ -3,7 +3,7 @@ import pytest
 
 import yaml
 
-from pywb.perms.perms_filter import AllowAllPerms, AllowAllPermsPolicy
+from pywb.perms.perms_filter import Perms
 
 @pytest.fixture
 def testconfig():
@@ -27,7 +27,7 @@ class PrintReporter:
         pass
 
 #================================================================
-class TestExclusionPerms(AllowAllPerms):
+class TestExclusionPerms(Perms):
     """
     Perm Checker fixture to block a single url for testing
     """
@@ -46,6 +46,5 @@ class TestExclusionPerms(AllowAllPerms):
 
 
 #================================================================
-class TestExclusionPermsPolicy(AllowAllPermsPolicy):
-    def create_perms_checker(self, wbrequest):
-        return TestExclusionPerms()
+def test_exclusion_perms_policy(wbrequest):
+    return TestExclusionPerms()