Anderson Dadario & Denys Vitali
Decoupled Authorization using Policy as Code
#1 about 3 minutes
The challenges of embedding authorization in application code
Embedding authorization logic directly into application code leads to tight coupling, auditing difficulties, and operational overhead when policies change.
#2 about 6 minutes
Introducing Policy as Code and Open Policy Agent
Policy as Code decouples authorization from business logic, and Open Policy Agent (OPA) is an open-source engine that implements this pattern.
#3 about 3 minutes
How OPA works with a simple Rego policy
A simple example demonstrates how an application delegates authorization decisions to OPA by sending a JSON input to be evaluated against a policy written in Rego.
#4 about 2 minutes
Demo of basic policy evaluation using OPA
A command-line demo shows how to run OPA tests, start the server, and use curl to query the policy engine with different inputs to get allow or deny decisions.
#5 about 7 minutes
Demo of integrating OPA with a Go API middleware
A Go web service uses a middleware to intercept requests, construct an input object, and query OPA to enforce complex, attribute-based access control rules.
#6 about 4 minutes
Dynamically updating authorization policies without downtime
By updating a policy file and reloading it into the running OPA server via an API call, authorization rules can be changed instantly without restarting the application.
#7 about 3 minutes
Exploring other use cases for OPA beyond web APIs
OPA can enforce policies in various environments, including Kubernetes admission control, Kafka, and even Linux system access via PAM modules.
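The middleware pattern from chapter 5, as an added example (not the speakers' demo code): a Go handler wrapper that builds an input object, posts it to OPA's Data API, and denies the request on any error, non-200 status, or undefined result. The OPA address, the policy path `httpapi/authz/allow`, the input field names and the `X-User` header are assumptions made for this sketch.

```go
package main

import (
	"bytes"
	"encoding/json"
	"net/http"
	"time"
)

// opaInput is the input document sent to OPA (field names assumed for this example).
type opaInput struct {
	Method string `json:"method"`
	Path   string `json:"path"`
	User   string `json:"user"`
}

// Authorize posts {"input": ...} to OPA and fails closed: only an explicit boolean true allows.
func Authorize(c *http.Client, opaURL string, in opaInput) bool {
	body, _ := json.Marshal(map[string]opaInput{"input": in}) // cannot fail for this type
	resp, err := c.Post(opaURL, "application/json", bytes.NewReader(body))
	if err != nil {
		return false
	}
	defer resp.Body.Close()
	var out struct{ Result *bool `json:"result"` }
	if resp.StatusCode != http.StatusOK || json.NewDecoder(resp.Body).Decode(&out) != nil {
		return false
	}
	return out.Result != nil && *out.Result // an undefined rule yields {} and is denied
}

// OPAMiddleware returns 403 unless OPA allows the request.
func OPAMiddleware(c *http.Client, opaURL string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// X-User is a stand-in: take identity from a verified token, not a client header.
		in := opaInput{Method: r.Method, Path: r.URL.Path, User: r.Header.Get("X-User")}
		if !Authorize(c, opaURL, in) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	opa := "http://localhost:8181/v1/data/httpapi/authz/allow" // assumed address and policy path
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("ok\n")) })
	http.ListenAndServe(":8080", OPAMiddleware(&http.Client{Timeout: 2 * time.Second}, opa, ok))
}
```

The client timeout matters as much as the decision parsing: without it, a stalled policy engine stalls every request instead of producing a deny.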