Anderson Dadario & Denys Vitali
Decoupled Authorization using Policy as Code
#1about 3 minutes
The challenges of embedding authorization in application code
Embedding authorization logic directly into application code leads to tight coupling, auditing difficulties, and operational overhead when policies change.
#2about 6 minutes
Introducing Policy as Code and Open Policy Agent
Policy as Code decouples authorization from business logic, and Open Policy Agent (OPA) is an open-source engine that implements this pattern.
#3about 3 minutes
How OPA works with a simple Rego policy
A simple example demonstrates how an application delegates authorization decisions to OPA by sending a JSON input to be evaluated against a policy written in Rego.
#4about 2 minutes
Demo of basic policy evaluation using OPA
A command-line demo shows how to run OPA tests, start the server, and use curl to query the policy engine with different inputs to get allow or deny decisions.
#5about 7 minutes
Demo of integrating OPA with a Go API middleware
A Go web service uses a middleware to intercept requests, construct an input object, and query OPA to enforce complex, attribute-based access control rules.
#6about 4 minutes
Dynamically updating authorization policies without downtime
By updating a policy file and reloading it into the running OPA server via an API call, authorization rules can be changed instantly without restarting the application.
#7about 3 minutes
Exploring other use cases for OPA beyond web APIs
OPA can enforce policies in various environments, including Kubernetes admission control, Kafka, and even Linux system access via PAM modules.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
02:33 MIN
Introducing the Open Policy Agent (OPA) and Rego
OPA for the cloud natives
04:00 MIN
Introducing Open Policy Agent for custom policies
A practical guide to writing secure Dockerfiles
05:18 MIN
A modern approach using a decoupled authorization service
Un-complicate authorization maintenance
03:07 MIN
Addressing performance and adoption challenges with OPA
OPA for the cloud natives
22:06 MIN
Q&A on policy culture, tooling, and security
Policy as [versioned] code - you're doing it wrong
04:48 MIN
Using the OPA Playground to test and debug policies
OPA for the cloud natives
08:02 MIN
Implementing decoupled authorization with the sidecar pattern
Un-complicate authorization maintenance
01:21 MIN
Automating policy enforcement with admission controllers
Kubernetes Security Best Practices
Featured Partners
Related Videos
26:23OPA for the cloud natives
Philipp Krenn
1:00:00Un-complicate authorization maintenance
Alex Olivier
![Policy as [versioned] code - you're doing it wrong](https://customer-goifxnzhrq3d0d54.cloudflarestream.com/23fa4a514c18f0a9b39573f31d96ba54/thumbnails/thumbnail.jpg?time=33000ms)
45:57Policy as [versioned] code - you're doing it wrong
Chris Nesbitt-Smith
33:20DevSecOps: Security in DevOps
Aarno Aukia
23:29Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue
Deepu
06:04Keymate – Modern Authorization for Developers
Halil Özkan
48:42OOP revisited
Dominik Przybysz
29:34You can’t hack what you can’t see
Reto Kaeser
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
Serviceware SE
Onlu
Lucerne, Switzerland
€80-150K
DevOps
Docker
Kubernetes
Devoteam
HTML
Microsoft Access