Anderson Dadario & Denys Vitali
Decoupled Authorization using Policy as Code
#1about 3 minutes
The challenges of embedding authorization in application code
Embedding authorization logic directly into application code leads to tight coupling, auditing difficulties, and operational overhead when policies change.
#2about 6 minutes
Introducing Policy as Code and Open Policy Agent
Policy as Code decouples authorization from business logic, and Open Policy Agent (OPA) is an open-source engine that implements this pattern.
#3about 3 minutes
How OPA works with a simple Rego policy
A simple example demonstrates how an application delegates authorization decisions to OPA by sending a JSON input to be evaluated against a policy written in Rego.
#4about 2 minutes
Demo of basic policy evaluation using OPA
A command-line demo shows how to run OPA tests, start the server, and use curl to query the policy engine with different inputs to get allow or deny decisions.
#5about 7 minutes
Demo of integrating OPA with a Go API middleware
A Go web service uses a middleware to intercept requests, construct an input object, and query OPA to enforce complex, attribute-based access control rules.
#6about 4 minutes
Dynamically updating authorization policies without downtime
By updating a policy file and reloading it into the running OPA server via an API call, authorization rules can be changed instantly without restarting the application.
#7about 3 minutes
Exploring other use cases for OPA beyond web APIs
OPA can enforce policies in various environments, including Kubernetes admission control, Kafka, and even Linux system access via PAM modules.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
05:44 MIN
Introducing the Open Policy Agent (OPA) and Rego
OPA for the cloud natives
30:46 MIN
Introducing Open Policy Agent for custom policies
A practical guide to writing secure Dockerfiles
23:10 MIN
A modern approach using a decoupled authorization service
Un-complicate authorization maintenance
11:35 MIN
Using the OPA Playground to test and debug policies
OPA for the cloud natives
20:46 MIN
Addressing performance and adoption challenges with OPA
OPA for the cloud natives
28:28 MIN
Implementing decoupled authorization with the sidecar pattern
Un-complicate authorization maintenance
16:23 MIN
Exploring OPA deployment patterns and advanced use cases
OPA for the cloud natives
23:53 MIN
Answering audience questions about OPA and Rego
OPA for the cloud natives
Featured Partners
Related Videos
1:00:00Un-complicate authorization maintenance
Alex Olivier
26:23OPA for the cloud natives
Philipp Krenn
33:20DevSecOps: Security in DevOps
Aarno Aukia
29:34You can’t hack what you can’t see
Reto Kaeser
44:00Enhancing Workload Security in Kubernetes
Dimitrij Klesev & Andreas Zeissner
45:19Security Challenges of Breaking A Monolith
Reinhard Kugler
40:38How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR
Anna Bacher
![Policy as [versioned] code - you're doing it wrong](https://customer-goifxnzhrq3d0d54.cloudflarestream.com/23fa4a514c18f0a9b39573f31d96ba54/thumbnails/thumbnail.jpg?time=33000ms)
45:57Policy as [versioned] code - you're doing it wrong
Chris Nesbitt-Smith
From learning to earning
Jobs that call for the skills explored in this talk.
![Senior Software Engineer [TypeScript] (Prisma Postgres)](https://wearedevelopers.imgix.net/company/283ba9dbbab3649de02b9b49e6284fd9/cover/oKWz2s90Z218LE8pFthP.png?w=400&ar=3.55&fit=crop&crop=entropy&auto=compress,format)
Senior Software Engineer [TypeScript] (Prisma Postgres)
Prisma
Remote
Senior
Node.js
TypeScript
PostgreSQL
Cloud Security Engineer
Policy Expert
Charing Cross, United Kingdom
Google Cloud Platform
Continuous Integration
Amazon Web Services (AWS)