Anderson Dadario & Denys Vitali
Decoupled Authorization using Policy as Code
#1about 3 minutes
The challenges of embedding authorization in application code
Embedding authorization logic directly into application code leads to tight coupling, auditing difficulties, and operational overhead when policies change.
#2about 6 minutes
Introducing Policy as Code and Open Policy Agent
Policy as Code decouples authorization from business logic, and Open Policy Agent (OPA) is an open-source engine that implements this pattern.
#3about 3 minutes
How OPA works with a simple Rego policy
A simple example demonstrates how an application delegates authorization decisions to OPA by sending a JSON input to be evaluated against a policy written in Rego.
#4about 2 minutes
Demo of basic policy evaluation using OPA
A command-line demo shows how to run OPA tests, start the server, and use curl to query the policy engine with different inputs to get allow or deny decisions.
#5about 7 minutes
Demo of integrating OPA with a Go API middleware
A Go web service uses a middleware to intercept requests, construct an input object, and query OPA to enforce complex, attribute-based access control rules.
#6about 4 minutes
Dynamically updating authorization policies without downtime
By updating a policy file and reloading it into the running OPA server via an API call, authorization rules can be changed instantly without restarting the application.
#7about 3 minutes
Exploring other use cases for OPA beyond web APIs
OPA can enforce policies in various environments, including Kubernetes admission control, Kafka, and even Linux system access via PAM modules.
Related jobs
Jobs that call for the skills explored in this talk.
IGEL Technology GmbH
Bremen, Germany
Senior
Java
IT Security
Matching moments
02:33 MIN
Introducing the Open Policy Agent (OPA) and Rego
OPA for the cloud natives
04:00 MIN
Introducing Open Policy Agent for custom policies
A practical guide to writing secure Dockerfiles
05:18 MIN
A modern approach using a decoupled authorization service
Un-complicate authorization maintenance
22:06 MIN
Q&A on policy culture, tooling, and security
Policy as [versioned] code - you're doing it wrong
04:48 MIN
Using the OPA Playground to test and debug policies
OPA for the cloud natives
03:07 MIN
Addressing performance and adoption challenges with OPA
OPA for the cloud natives
08:02 MIN
Implementing decoupled authorization with the sidecar pattern
Un-complicate authorization maintenance
01:21 MIN
Automating policy enforcement with admission controllers
Kubernetes Security Best Practices
Featured Partners
Related Videos
1:00:00Un-complicate authorization maintenance
Alex Olivier
26:23OPA for the cloud natives
Philipp Krenn
33:20DevSecOps: Security in DevOps
Aarno Aukia
29:34You can’t hack what you can’t see
Reto Kaeser
44:00Enhancing Workload Security in Kubernetes
Dimitrij Klesev & Andreas Zeissner
45:19Security Challenges of Breaking A Monolith
Reinhard Kugler
![Policy as [versioned] code - you're doing it wrong](https://customer-goifxnzhrq3d0d54.cloudflarestream.com/23fa4a514c18f0a9b39573f31d96ba54/thumbnails/thumbnail.jpg?time=33000ms)
45:57Policy as [versioned] code - you're doing it wrong
Chris Nesbitt-Smith
06:04Keymate – Modern Authorization for Developers
Halil Özkan
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
Oci
Lawley and Overdale, United Kingdom
Intermediate
C++
DNS
Java
Linux
DevOps
+8
Oci
Peterborough, United Kingdom
Intermediate
C++
DNS
Java
Linux
DevOps
+8
Rocken AG
Aarau, Switzerland
Remote
DevOps
Docker
Kubernetes
Network Security
+1
OBI Group Holding GmbH
Atruvia AG
Karlsruhe, Germany
API
Scrum
Unit Testing
Agile Methodologies
BWI GmbH
Idar-Oberstein, Germany
Linux
JavaScript
Kubernetes