Anderson Dadario & Denys Vitali

Decoupled Authorization using Policy as Code

What if you could change authorization rules without redeploying your application? See how to manage access control like code.

Decoupled Authorization using Policy as Code
#1about 3 minutes

The challenges of embedding authorization in application code

Embedding authorization logic directly into application code leads to tight coupling, auditing difficulties, and operational overhead when policies change.

#2about 6 minutes

Introducing Policy as Code and Open Policy Agent

Policy as Code decouples authorization from business logic, and Open Policy Agent (OPA) is an open-source engine that implements this pattern.

#3about 3 minutes

How OPA works with a simple Rego policy

A simple example demonstrates how an application delegates authorization decisions to OPA by sending a JSON input to be evaluated against a policy written in Rego.

#4about 2 minutes

Demo of basic policy evaluation using OPA

A command-line demo shows how to run OPA tests, start the server, and use curl to query the policy engine with different inputs to get allow or deny decisions.

#5about 7 minutes

Demo of integrating OPA with a Go API middleware

A Go web service uses a middleware to intercept requests, construct an input object, and query OPA to enforce complex, attribute-based access control rules.

#6about 4 minutes

Dynamically updating authorization policies without downtime

By updating a policy file and reloading it into the running OPA server via an API call, authorization rules can be changed instantly without restarting the application.

#7about 3 minutes

Exploring other use cases for OPA beyond web APIs

OPA can enforce policies in various environments, including Kubernetes admission control, Kafka, and even Linux system access via PAM modules.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Crypto crime, EU regulation, and working while you sleep
01:15 MIN

Crypto crime, EU regulation, and working while you sleep

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

The security challenges of building AI browser agents
06:33 MIN

The security challenges of building AI browser agents

AI in the Open and in Browsers - Tarek Ziadé

Using AI agents to modernize legacy COBOL systems
06:28 MIN

Using AI agents to modernize legacy COBOL systems

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

Improving the developer feedback loop with specialized tools
03:16 MIN

Improving the developer feedback loop with specialized tools

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

The origin story of the Polypane developer browser
05:28 MIN

The origin story of the Polypane developer browser

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

Building trust through honest developer advocacy
02:48 MIN

Building trust through honest developer advocacy

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

Using AI to overcome challenges in systems programming
02:49 MIN

Using AI to overcome challenges in systems programming

AI in the Open and in Browsers - Tarek Ziadé

Malware campaigns, cloud latency, and government IT theft
01:06 MIN

Malware campaigns, cloud latency, and government IT theft

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

Featured Partners

Related Videos

See all videos
Un-complicate authorization maintenance1:00:00

Un-complicate authorization maintenance

Alex Olivier

OPA for the cloud natives26:23

OPA for the cloud natives

Philipp Krenn

Policy as [versioned] code - you're doing it wrong45:57

Policy as [versioned] code - you're doing it wrong

Chris Nesbitt-Smith

Keymate – Modern Authorization for Developers06:04

Keymate – Modern Authorization for Developers

Halil Özkan

Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue23:29

Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue

Deepu

Architecting API Security47:34

Architecting API Security

Philippe De Ryck

DevSecOps: Security in DevOps33:20

DevSecOps: Security in DevOps

Aarno Aukia

WeAreDevelopers LIVE - GraalVM in action, Static Analysis insights and more1:18:25

WeAreDevelopers LIVE - GraalVM in action, Static Analysis insights and more

Chris Heilmann, Daniel Cranney & Rick Ossendrijver

Related Articles

View all articles
CH
Chris Heilmann
With AIs wide open - WeAreDevelopers at All Things Open 2025
Last week our VP of Developer Relations, Chris Heilmann, flew to Raleigh, North Carolina to present at All Things Open . An excellent event he had spoken at a few times in the past and this being the “Lucky 13” edition, he didn’t hesitate to come and...
With AIs wide open - WeAreDevelopers at All Things Open 2025

From learning to earning

Jobs that call for the skills explored in this talk.